From patchwork Thu Mar 14 14:04:51 2019
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Florian Weimer <fweimer@redhat.com>
X-Patchwork-Id: 31852
Received: (qmail 107106 invoked by alias); 14 Mar 2019 14:04:57 -0000
Mailing-List: contact libc-alpha-help@sourceware.org; run by ezmlm
Precedence: bulk
List-Id: <libc-alpha.sourceware.org>
List-Unsubscribe: <mailto:libc-alpha-unsubscribe-##L=##H@sourceware.org>
List-Subscribe: <mailto:libc-alpha-subscribe@sourceware.org>
List-Archive: <http://sourceware.org/ml/libc-alpha/>
List-Post: <mailto:libc-alpha@sourceware.org>
List-Help: <mailto:libc-alpha-help@sourceware.org>,
	<http://sourceware.org/ml/#faqs>
Sender: libc-alpha-owner@sourceware.org
Delivered-To: mailing list libc-alpha@sourceware.org
Received: (qmail 107096 invoked by uid 89); 14 Mar 2019 14:04:57 -0000
Authentication-Results: sourceware.org; auth=none
X-Spam-SWARE-Status: No, score=-19.2 required=5.0 tests=AWL, BAYES_00,
	GIT_PATCH_0, GIT_PATCH_1, GIT_PATCH_2, GIT_PATCH_3, KAM_SHORT,
	SPF_HELO_PASS autolearn=ham version=3.3.1 spammy=1785, NSS
X-HELO: mx1.redhat.com
From: Florian Weimer <fweimer@redhat.com>
To: Szabolcs Nagy <Szabolcs.Nagy@arm.com>
Cc: Szabolcs Nagy <nsz@port70.net>, nd <nd@arm.com>,
	"libc-alpha\@sourceware.org" <libc-alpha@sourceware.org>
Subject: Re: [PATCH] nss_files: Fix /etc/aliases null pointer dereference
	[BZ #24059]
References: <87a7k1531v.fsf@oldenburg2.str.redhat.com>
	<723b2509-9df4-315e-6e02-18be9d1beb42@arm.com>
	<874l9na6as.fsf@oldenburg2.str.redhat.com>
	<ce1dd533-a737-19f6-7fb5-1eadfea121b9@arm.com>
	<87ef8r8leg.fsf@oldenburg2.str.redhat.com>
	<20190202160154.GL21289@port70.net>
	<87y35ibujy.fsf@oldenburg2.str.redhat.com>
	<1204d7b1-d2d2-9369-9f7d-56857ad0a379@arm.com>
Date: Thu, 14 Mar 2019 15:04:51 +0100
In-Reply-To: <1204d7b1-d2d2-9369-9f7d-56857ad0a379@arm.com> (Szabolcs Nagy's
	message of "Wed, 13 Mar 2019 18:36:34 +0000")
Message-ID: <87k1h15z7g.fsf@oldenburg2.str.redhat.com>
User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/26.1 (gnu/linux)
MIME-Version: 1.0

* Szabolcs Nagy:

> On 13/03/2019 16:36, Florian Weimer wrote:
>> * Szabolcs Nagy:
>> 
>>> * Florian Weimer <fweimer@redhat.com> [2019-02-01 18:32:23 +0100]:
>>>> * Szabolcs Nagy:
>>>>>
>>>>> libnss_files.so.2 is not listed as explicit dependency
>>>>> for some reason so it is not loaded at program startup,
>>>>> but after chroot is entered, but it's not available in
>>>>> the chroot so the first api call fails.
>>>>
>>>> There's already this in nss/Makefile:
>>>>
>>>> $(objpfx)tst-nss-files-alias-truncated: $(objpfx)/libnss_files.so
>>>>
>>>> I expected this causes a DT_NEEDED entry to be added to the executable,
>>>> so it is loaded upon startup, outside of the chroot.
>>>
>>> it seems debian/ubuntu gcc always passes --as-needed to the linker
>>> https://wiki.debian.org/ToolChain/DSOLinking
>>>
>>> so either a reference is needed to the lib or
>>>  -Wl,--no-as-needed lib -Wl,--as-needed
>>> ldflag to force a DT_NEEDED.
>>>
>>> ..or copy the lib to the chroot.
>> 
>> So what should we do here?
>> 
>> Should we disable --as-needed across the board?  Or should we fix the
>> test?
>
> ideally the chroot should have all the runtime libs that
> may be loaded, if that's too big hassle, then i'd fix
> the test (to enforce DT_NEEDED or use dlopen before chroot).

Let's do it via dlopen.  See below.

Thanks,
Florian

nss: Fix tst-nss-files-alias-truncated for default --as-needed linking

Linking to the NSS module directly does not work if the linker defaults
to --as-needed because it will remove the apparently unused DSO
reference and not generate a DT_NEEDED entry.  Use an explicit dlopen
call, like in the other chroot tests involving NSS modules.

2019-03-14  Florian Weimer  <fweimer@redhat.com>

	* nss/tst-nss-files-alias-truncated.c (do_test): Load
	libnss_files.
	* nss/Makefile (tst-nss-files-alias-truncated): Link with -ldl,
	but not with libnss_files.
	(tst-nss-files-alias-truncated.out): Depend on libnss_files.

diff --git a/nss/Makefile b/nss/Makefile
index a8caa8af38..95081bddc5 100644
--- a/nss/Makefile
+++ b/nss/Makefile
@@ -178,4 +178,5 @@ $(objpfx)tst-nss-files-hosts-multi: $(libdl)
 $(objpfx)tst-nss-files-hosts-getent: $(libdl)
 $(objpfx)tst-nss-files-alias-leak: $(libdl)
 $(objpfx)tst-nss-files-alias-leak.out: $(objpfx)/libnss_files.so
-$(objpfx)tst-nss-files-alias-truncated: $(objpfx)/libnss_files.so
+$(objpfx)tst-nss-files-alias-truncated: $(libdl)
+$(objpfx)tst-nss-files-alias-truncated.out: $(objpfx)/libnss_files.so
diff --git a/nss/tst-nss-files-alias-truncated.c b/nss/tst-nss-files-alias-truncated.c
index 2d6aba3c0e..029ae6a2a7 100644
--- a/nss/tst-nss-files-alias-truncated.c
+++ b/nss/tst-nss-files-alias-truncated.c
@@ -17,11 +17,13 @@
    <http://www.gnu.org/licenses/>.  */
 
 #include <aliases.h>
+#include <gnu/lib-names.h>
 #include <nss.h>
 #include <stddef.h>
 #include <support/check.h>
 #include <support/namespace.h>
 #include <support/test-driver.h>
+#include <support/xdlfcn.h>
 #include <support/xunistd.h>
 
 static void
@@ -42,8 +44,9 @@ in_chroot (void *closure)
 static int
 do_test (void)
 {
-  /* nss_files has already been loaded via DT_NEEDED, outside the
-     chroot.  */
+  /* Make sure we don't try to load the module in the chroot.  */
+  xdlopen (LIBNSS_FILES_SO, RTLD_NOW);
+
   __nss_configure_lookup ("aliases", "files");
 
   support_become_root ();