Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Fri, 28 Mar 2014 20:18:28 +0800
From: orc <>
Subject: Re: be able to break inheritance of LD_LIBRARY_PATH

28 марта 2014 г. 18:42:08 KRAT, пишет:
>I was aware of musl for some time and now consider deploying it as
>a default library for new software builds, due to its very appealing
>Yet there is a small but important issue.
>For our software setup it is crucial (quite useful otherwise in
>to be able to specify the location of the dynamic libraries per
>_without_ the unconditional inheritance imposed by LD_LIBRARY_PATH.
>A very nice solution would be the ability to explicitely run a
>dynamic loader, as implemented in both glibc and uclibc. We are heavily
>relying on this functionality.
>I do not know how hard it would be to teach the musl loader
>to be runnable standalone and which corner cases this might create.
>As a simpler approach I might suggest simply being able to drop
>LD_LIBRARY_PATH as soon as it has been read. An extra environment
>variable as a flag would do.
>Compared to a standalone loader this lacks the ability to run
>a binary with a different version of the loader/musl but at least
>makes it straightforward and safe to freely specify where to find other
>A naïve implementation might look as follows:
>--- src/ldso/dynlink.c.ori      2014-03-28 10:37:34.821317811 +0100
>+++ src/ldso/dynlink.c  2014-03-28 11:21:16.828047766 +0100
>@@ -962,6 +962,7 @@
>        size_t vdso_base;
>        size_t *auxv;
>        char **envp = argv+argc+1;
>+       int forget_ld_library_path = 0;
>        /* Find aux vector just past environ[] */
>        for (i=argc+1; argv[i]; i++)
>@@ -969,8 +970,19 @@
>                        env_path = argv[i]+16;
>                else if (!memcmp(argv[i], "LD_PRELOAD=", 11))
>                        env_preload = argv[i]+11;
>+               else if (!memcmp(argv[i], "FORGET_LD_LIBRARY_PATH=",
>+                       forget_ld_library_path = 1;
>        auxv = (void *)(argv+i+1);
>+       /* one _may_ wish to break the inheritance of LD_LIBRARY_PATH,
>+        * the hack below only works if the corresponding memory is
>+        * -- rl */
>+       if (forget_ld_library_path)
>+               for (i=argc+1; argv[i]; i++)
>+                       if (!memcmp(argv[i], "LD_LIBRARY_PATH=", 16) ||
>+                           !memcmp(argv[i], "FORGET_LD_LIBRARY_PATH=",
>+                               argv[i][0] = 'X';
>        decode_vec(auxv, aux, AUX_CNT);
>        /* Only trust user/env if kernel says we're not suid/sgid */
>What do you think about this? Can this or something better be done?
>I would love to be able to go with musl.

Such change should be maintained locally by you probably. While LD_PRELOAD/LD_LIBRARY_PATH environment variables are "standard" enough (widely known), introduction of extra variables that control various aspects of dynamic linker internals is becoming a pain, especially for people writing security related software. For example, I already maintain such a local change that introduces LD_NORPATH (disables reading DT_RPATHs from executable, and forces it for all setuids).

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.