public inbox for libc-help@sourceware.org
From: Baojun Wang <wangbj@gmail.com>
To: Florian Weimer <fweimer@redhat.com>
Cc: libc-help@sourceware.org
Subject: Re: dlmopen in LD_PRELOAD
Date: Tue, 18 Jun 2019 04:15:00 -0000
Message-ID: <CAC+a-TYjvBbS78ETG9qS_1VjkS6j2A2FAM5KJM_gmHKVcRPz9Q@mail.gmail.com>
In-Reply-To: <87sgs8c9x7.fsf@oldenburg2.str.redhat.com>

Hi Florian,

(re-send because previous email failed to send due to attachment)

I made a tiny project for this issue. It didn't show the same failure; however,
it did segfault inside the library being `dlmopen`-ed.

link: `git clone https://github.com/wangbj/dlns-test.git`
(sorry attachment seems to cause failure to send message)

run.c: a launcher to inject DSOs.
preload.c: a mini loader using LD_PRELOAD -> dlmopen
dlns.c: DSO being `dlmopen`-ed
app.c: app being injected with DSOs.

running `make test` should reproduce the issue. (need to run `ulimit -c
unlimited` to get core dump).

In app.c, it used manual symbol lookups to find symbols in libdlns.so
(built from dlns.c), so it might have broken the total isolation
assumption; maybe this isn't something that is supposed to happen?

Thanks

On Mon, Jun 17, 2019 at 3:02 PM Florian Weimer <fweimer@redhat.com> wrote:

> * Baojun Wang:
>
> >> Does the library you load via dlmopen contain its own definition of
> >> malloc, perhaps indirectly?
> >
> > I don't think so, though the dynamic library does depend on libc.so.
>
> The malloc loaded from glibc's libc.so.6 should work in this scenario,
> and we have tests for basic dlmopen usage to prove this.
>
> > Also worth mentioning is if I manually patch `__get_nprocs`, which is
> > called `area_get2`, then I can see the stack overflow any longer. the
> > pseudo assembly used to patch `__get_nprocs`:
>
> Hmm.  Do you have a small reproducer which only uses C libraries?
>
> Thanks,
> Florian
>
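Added example, not part of this thread or of the dlns-test repository: a stand-alone C program that loads a DSO with `dlmopen` into a fresh link-map namespace, reads the namespace id back with `dlinfo`, and contrasts the lookup that stays inside that namespace (`dlsym` on the `dlmopen` handle) with the one that only sees the base namespace (`dlsym(RTLD_DEFAULT, ...)`), which is the isolation boundary the message above wonders about. `libm.so.6` stands in for `libdlns.so` (my assumption; like any libc-dependent DSO it pulls its own copy of `libc.so.6` into the new namespace), and the function names are mine.

```c
#define _GNU_SOURCE            /* needed for dlmopen, dlinfo, Lmid_t, RTLD_DEFAULT */
#include <dlfcn.h>
#include <stdio.h>

/* Load `path` into a brand-new link-map namespace (LM_ID_NEWLM).
   Returns the dlmopen handle, or NULL; on failure *err receives dlerror(). */
void *load_isolated(const char *path, const char **err)
{
    dlerror();                                   /* clear any stale error */
    void *h = dlmopen(LM_ID_NEWLM, path, RTLD_NOW | RTLD_LOCAL);
    if (h == NULL && err != NULL)
        *err = dlerror();
    return h;
}

/* Namespace id that `handle` lives in (LM_ID_BASE == 0 is the main
   program's namespace, which LD_PRELOAD objects also share),
   or -1 if dlinfo fails. */
long namespace_id(void *handle)
{
    Lmid_t lmid;
    if (dlinfo(handle, RTLD_DI_LMID, &lmid) != 0)
        return -1;
    return (long) lmid;
}

/* The lookup that respects isolation: search through the handle that
   dlmopen returned, so only that namespace's link maps are consulted. */
void *lookup_isolated(void *handle, const char *sym)
{
    dlerror();
    return dlsym(handle, sym);
}

/* The lookup that does NOT cross namespaces: RTLD_DEFAULT searches the
   base namespace's global scope only. Returns 1 if `sym` is found there. */
int visible_in_base(const char *sym)
{
    dlerror();
    return dlsym(RTLD_DEFAULT, sym) != NULL;
}

int main(void)
{
    const char *err = NULL;
    /* libm.so.6 stands in for the DSO under test (assumption for this example). */
    void *h = load_isolated("libm.so.6", &err);
    if (h == NULL) {
        fprintf(stderr, "dlmopen failed: %s\n", err ? err : "unknown error");
        return 1;
    }
    printf("loaded into namespace %ld (base namespace is %ld)\n",
           namespace_id(h), (long) LM_ID_BASE);

    /* man dlopen(3) idiom for converting the void* to a function pointer */
    double (*cosine)(double);
    *(void **) (&cosine) = lookup_isolated(h, "cos");
    if (cosine != NULL)
        printf("cos(0) via the dlmopen handle = %f\n", cosine(0.0));

    /* Only "yes" if something in the base namespace (e.g. a libm linked
       into this program) exports it; the dlmopen'd copy is never found here. */
    printf("\"cos\" visible via RTLD_DEFAULT: %s\n",
           visible_in_base("cos") ? "yes" : "no");
    dlclose(h);
    return 0;
}
```

Build with `gcc -o nsdemo nsdemo.c` (add `-ldl` on glibc older than 2.34). The same two lookup routines apply unchanged inside an `LD_PRELOAD`-ed constructor: whatever the injected code wants from the isolated DSO must go through the handle, since the base namespace's `dlsym` will never resolve into the new one.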
