Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Date: Mon, 23 Mar 2020 17:10:40 +0100
From: Julio Guerra <julio@...een.com>
To: musl@...ts.openwall.com
Cc: Vladimir de Turckheim <vladimir@...een.com>
Subject: [Bug] Do not ignore membarrier return code

Hello,

The implementation of dlopen() uses membarrier() (
https://git.musl-libc.org/cgit/musl/tree/ldso/dynlink.c#n1579) while
currently forbidden by the default docker seccomp profile.

I perfectly understand that it's on docker's end and I suggested them to
add it in this PR <https://github.com/moby/moby/pull/40731> but such a
critical syscall shouldn't be silently ignored. And it for example leads to
random segfaults on nodejs. I also saw opened qemu issues related to
membarrier + alpine.

dlopen() should therefore fail when membarrier fails (ie. in this case
when __membarrier(MEMBARRIER_CMD_PRIVATE_EXPEDITED,
0) != 0).

Happy to provide the patch if agreed!
All the best,
Julio Guerra

Content of type "text/html" skipped

Powered by blists - more mailing lists

Your e-mail address:

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.