Date: Fri, 28 Mar 2014 20:18:28 +0800 From: orc <orc@...server.ru> To: musl@...ts.openwall.com Subject: Re: be able to break inheritance of LD_LIBRARY_PATH 28 марта 2014 г. 18:42:08 KRAT, u-igbb@...ey.se пишет: >Hello, > >I was aware of musl for some time and now consider deploying it as >a default library for new software builds, due to its very appealing >virtues. > >Yet there is a small but important issue. > >For our software setup it is crucial (quite useful otherwise in >general) >to be able to specify the location of the dynamic libraries per >binary/run >_without_ the unconditional inheritance imposed by LD_LIBRARY_PATH. > >A very nice solution would be the ability to explicitely run a >standalone >dynamic loader, as implemented in both glibc and uclibc. We are heavily >relying on this functionality. > >I do not know how hard it would be to teach the musl loader >to be runnable standalone and which corner cases this might create. > >As a simpler approach I might suggest simply being able to drop >LD_LIBRARY_PATH as soon as it has been read. An extra environment >variable as a flag would do. > >Compared to a standalone loader this lacks the ability to run >a binary with a different version of the loader/musl but at least >makes it straightforward and safe to freely specify where to find other >libraries. > >A naïve implementation might look as follows: > >--- src/ldso/dynlink.c.ori 2014-03-28 10:37:34.821317811 +0100 >+++ src/ldso/dynlink.c 2014-03-28 11:21:16.828047766 +0100 >@@ -962,6 +962,7 @@ > size_t vdso_base; > size_t *auxv; > char **envp = argv+argc+1; >+ int forget_ld_library_path = 0; > > /* Find aux vector just past environ */ > for (i=argc+1; argv[i]; i++) >@@ -969,8 +970,19 @@ > env_path = argv[i]+16; > else if (!memcmp(argv[i], "LD_PRELOAD=", 11)) > env_preload = argv[i]+11; >+ else if (!memcmp(argv[i], "FORGET_LD_LIBRARY_PATH=", >23)) >+ forget_ld_library_path = 1; > auxv = (void *)(argv+i+1); > >+ /* one _may_ wish to break the inheritance of LD_LIBRARY_PATH, >+ * the hack below only works if the corresponding memory is >writable >+ * -- rl */ >+ if (forget_ld_library_path) >+ for (i=argc+1; argv[i]; i++) >+ if (!memcmp(argv[i], "LD_LIBRARY_PATH=", 16) || >+ !memcmp(argv[i], "FORGET_LD_LIBRARY_PATH=", >23)) >+ argv[i] = 'X'; >+ > decode_vec(auxv, aux, AUX_CNT); > > /* Only trust user/env if kernel says we're not suid/sgid */ > > >What do you think about this? Can this or something better be done? >I would love to be able to go with musl. > >Regards, >Rune Such change should be maintained locally by you probably. While LD_PRELOAD/LD_LIBRARY_PATH environment variables are "standard" enough (widely known), introduction of extra variables that control various aspects of dynamic linker internals is becoming a pain, especially for people writing security related software. For example, I already maintain such a local change that introduces LD_NORPATH (disables reading DT_RPATHs from executable, and forces it for all setuids).
Powered by blists - more mailing lists
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.