From patchwork Tue Jul 6 10:21:31 2021 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Fergus Dall X-Patchwork-Id: 44163 Return-Path: X-Original-To: patchwork@sourceware.org Delivered-To: patchwork@sourceware.org Received: from server2.sourceware.org (localhost [IPv6:::1]) by sourceware.org (Postfix) with ESMTP id 70371382C40F for ; Tue, 6 Jul 2021 10:23:13 +0000 (GMT) DKIM-Filter: OpenDKIM Filter v2.11.0 sourceware.org 70371382C40F DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=sourceware.org; s=default; t=1625566993; bh=Rmrca0lxi/4P5RnvldEGLhnwMErkRZzlVxGZvq2G/r0=; h=Date:In-Reply-To:References:Subject:To:List-Id:List-Unsubscribe: List-Archive:List-Post:List-Help:List-Subscribe:From:Reply-To:Cc: From; b=m81vVEwbrPg1lzgA8YpKW8uXD//eRxc60u3KZoIpwFuJiDBZp9CF1MTF4QRowfHq3 SzY2BEoC42LywoOsjR2YCjcP4jBKAyYXaT1IT8eJP2b83SrQz11snA2y0TZwLeKEda wypcrzqkHrIT4TqMjV+OI8Ej8rpyBb1GOm38WGks= X-Original-To: libc-alpha@sourceware.org Delivered-To: libc-alpha@sourceware.org Received: from mail-yb1-xb49.google.com (mail-yb1-xb49.google.com [IPv6:2607:f8b0:4864:20::b49]) by sourceware.org (Postfix) with ESMTPS id 00C1B382C417 for ; Tue, 6 Jul 2021 10:22:35 +0000 (GMT) DMARC-Filter: OpenDMARC Filter v1.4.1 sourceware.org 00C1B382C417 Received: by mail-yb1-xb49.google.com with SMTP id 132-20020a25158a0000b029055791ebe1e6so26929186ybv.20 for ; Tue, 06 Jul 2021 03:22:35 -0700 (PDT) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:date:in-reply-to:message-id:mime-version :references:subject:from:to:cc; bh=Rmrca0lxi/4P5RnvldEGLhnwMErkRZzlVxGZvq2G/r0=; b=QMSFOfKqQqm2iFCfOyLfFzfexqLRwvM+vIcICLJwX2g/1n83H5haRdJ5xomTI66W5D BIjGiratq+LJkrcqVig5cdAJJ9cLsqSqquOn2qtwZCZ/c8G8b8zZ7V58bCQAYAeqQzwX EIJJ+PhetuW0jaDKhk8irUiWdlX+BXu1ZX/yYxM7wwTzNMy8lytUwVmteLN/d34Zqfif r3PmzWoY4i0V/zuS+mFHPB/c9HS/aoxPks/e1gbxmdQPq43KNMP2nXYOiAqUyyTGd+Ym 52UTer/ezJDU2GegE9wm0wFWo7VFIvCM+CdT7QIofWKmMH5pJU46ClRnEEL3q1GHtJ72 k5hA== X-Gm-Message-State: AOAM530yLIl0Idzbkt6vvZQohXMdcVyD5ZWyjaWHNGb8lZh5n3WyN7C8 mwUCZ1h/0P8d+pdgk75csg/UAsMDCjAkc5CDffg0OibKNuM8PYs4JhLBS9Xvn9LAa0NU23aUmbE jvFSRNSg6MZusLfjy0nDPizf6iiSuMbSSMknWAXILWgTRvgBsvLPp8+N6qQXU9A0DxYR/JmM= X-Google-Smtp-Source: ABdhPJx/ekasN4TNrUS2fpTQvBje0cQG7PEInqJxI267GyQFzC2wLqh/z5PwukEtIoTFgZ7YIlgY98VMmJFQ7g== X-Received: from sidereal.syd.corp.google.com ([2401:fa00:9:14:5de5:2842:4686:770d]) (user=sidereal job=sendgmr) by 2002:a25:ff11:: with SMTP id c17mr22906510ybe.9.1625566955444; Tue, 06 Jul 2021 03:22:35 -0700 (PDT) Date: Tue, 6 Jul 2021 20:21:31 +1000 In-Reply-To: <20210706102132.2170854-1-sidereal@google.com> Message-Id: <20210706102132.2170854-2-sidereal@google.com> Mime-Version: 1.0 References: <20210706102132.2170854-1-sidereal@google.com> X-Mailer: git-send-email 2.32.0.93.g670b81a890-goog Subject: [PATCH v4 1/2] rtld: Add --no-default-paths option To: libc-alpha@sourceware.org X-Spam-Status: No, score=-20.0 required=5.0 tests=BAYES_00, DKIMWL_WL_MED, DKIM_SIGNED, DKIM_VALID, DKIM_VALID_AU, DKIM_VALID_EF, GIT_PATCH_0, RCVD_IN_DNSWL_NONE, SPF_HELO_NONE, SPF_PASS, TXREP, USER_IN_DEF_DKIM_WL autolearn=ham autolearn_force=no version=3.4.4 X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on server2.sourceware.org X-BeenThere: libc-alpha@sourceware.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: Libc-alpha mailing list List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-Patchwork-Original-From: Fergus Dall via Libc-alpha From: Fergus Dall Reply-To: Fergus Dall Cc: fweimer@redhat.com, chromeos-toolchain@google.com, clumptini@google.com, Fergus Dall , joseph@codesourcery.com Errors-To: libc-alpha-bounces+patchwork=sourceware.org@sourceware.org Sender: "Libc-alpha" This option causes the default library search path to be skipped, using only the paths in DT_RPATH, LD_LIBRARY_PATH, and DT_RUNPATH. This option implies --inhibit-cache, as there is no point in searching a cache of system libraries when we are not using the system libraries at all. This is necessary to preserve negative search results when isolating applications from the system libraries. This can be important when an application uses dlopen at run time to load optional libraries. When a shared library is required by the application, it can be isolated by putting appropriate versions of the libraries in directories specified in LD_LIBRARY_PATH, because the library search will always terminate before potentially loading any system libraries. On the other hand, if the application should be run without an optional library, the search will proceed past the LD_LIBRARY_PATH directories into the default system libraries, potentially causing an incorrect library to be linked. --- NEWS | 4 ++++ elf/dl-load.c | 6 ++++-- elf/dl-support.c | 2 ++ elf/dl-usage.c | 2 ++ elf/rtld.c | 10 ++++++++++ sysdeps/generic/ldsodefs.h | 3 +++ 6 files changed, 25 insertions(+), 2 deletions(-) diff --git a/NEWS b/NEWS index 8e72946c3f..790034d837 100644 --- a/NEWS +++ b/NEWS @@ -60,6 +60,10 @@ Major new features: to call async-signal-safe functions (such as raise or execve). This function is currently a GNU extension. +* The dynamic linker has gained the --no-default-paths option, which + causes it to ignore libraries in the default (compiled in) system + paths even if all higher precedence locations have been searched. + Deprecated and removed features, and other changes affecting compatibility: * The function pthread_mutex_consistent_np has been deprecated; programs diff --git a/elf/dl-load.c b/elf/dl-load.c index a08df001af..0a14cbb87c 100644 --- a/elf/dl-load.c +++ b/elf/dl-load.c @@ -2258,7 +2258,8 @@ _dl_map_object (struct link_map *loader, const char *name, if (fd == -1 && ((l = loader ?: GL(dl_ns)[nsid]._ns_loaded) == NULL || __glibc_likely (!(l->l_flags_1 & DF_1_NODEFLIB))) - && __rtld_search_dirs.dirs != (void *) -1) + && __rtld_search_dirs.dirs != (void *) -1 + && __glibc_likely (GLRO(dl_search_default_paths))) fd = open_path (name, namelen, mode, &__rtld_search_dirs, &realname, &fb, l, LA_SER_DEFAULT, &found_other_class); @@ -2438,7 +2439,8 @@ _dl_rtld_di_serinfo (struct link_map *loader, Dl_serinfo *si, bool counting) a way to indicate that in the results for Dl_serinfo. */ /* Finally, try the default path. */ - if (!(loader->l_flags_1 & DF_1_NODEFLIB)) + if (!(loader->l_flags_1 & DF_1_NODEFLIB) + && __glibc_likely (GLRO(dl_search_default_paths))) add_path (&p, &__rtld_search_dirs, XXX_default); if (counting) diff --git a/elf/dl-support.c b/elf/dl-support.c index dfc9ab760e..def75550aa 100644 --- a/elf/dl-support.c +++ b/elf/dl-support.c @@ -144,6 +144,8 @@ size_t _dl_minsigstacksize = CONSTANT_MINSIGSTKSZ; int _dl_inhibit_cache; +int _dl_search_default_paths; + unsigned int _dl_osversion; /* All known directories in sorted order. */ diff --git a/elf/dl-usage.c b/elf/dl-usage.c index 5ad3a72559..b5ae44932a 100644 --- a/elf/dl-usage.c +++ b/elf/dl-usage.c @@ -247,6 +247,8 @@ setting environment variables (which would be inherited by subprocesses).\n\ --inhibit-cache Do not use " LD_SO_CACHE "\n\ --library-path PATH use given PATH instead of content of the environment\n\ variable LD_LIBRARY_PATH\n\ + --no-default-paths do not use the default library search path\n\ + (this option implies --inhibit-cache)\n\ --glibc-hwcaps-prepend LIST\n\ search glibc-hwcaps subdirectories in LIST\n\ --glibc-hwcaps-mask LIST\n\ diff --git a/elf/rtld.c b/elf/rtld.c index fbbd60b446..8eb76b8998 100644 --- a/elf/rtld.c +++ b/elf/rtld.c @@ -360,6 +360,7 @@ struct rtld_global_ro _rtld_global_ro attribute_relro = ._dl_fpu_control = _FPU_DEFAULT, ._dl_pagesize = EXEC_PAGESIZE, ._dl_inhibit_cache = 0, + ._dl_search_default_paths = 1, /* Function pointers. */ ._dl_debug_printf = _dl_debug_printf, @@ -1204,6 +1205,15 @@ dl_main (const ElfW(Phdr) *phdr, _dl_argc -= 2; _dl_argv += 2; } + else if (! strcmp (_dl_argv[1], "--no-default-paths")) + { + GLRO(dl_search_default_paths) = 0; + GLRO(dl_inhibit_cache) = 1; + + ++_dl_skip_args; + --_dl_argc; + ++_dl_argv; + } else if (! strcmp (_dl_argv[1], "--inhibit-rpath") && _dl_argc > 2) { diff --git a/sysdeps/generic/ldsodefs.h b/sysdeps/generic/ldsodefs.h index 176394de4d..d7c9b9e477 100644 --- a/sysdeps/generic/ldsodefs.h +++ b/sysdeps/generic/ldsodefs.h @@ -551,6 +551,9 @@ struct rtld_global_ro /* Do we read from ld.so.cache? */ EXTERN int _dl_inhibit_cache; + /* Do we search the default system paths? */ + EXTERN int _dl_search_default_paths; + /* Copy of the content of `_dl_main_searchlist' at startup time. */ EXTERN struct r_scope_elem _dl_initial_searchlist; From patchwork Tue Jul 6 10:21:32 2021 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Fergus Dall X-Patchwork-Id: 44164 Return-Path: X-Original-To: patchwork@sourceware.org Delivered-To: patchwork@sourceware.org Received: from server2.sourceware.org (localhost [IPv6:::1]) by sourceware.org (Postfix) with ESMTP id 1F109382C40E for ; Tue, 6 Jul 2021 10:23:58 +0000 (GMT) DKIM-Filter: OpenDKIM Filter v2.11.0 sourceware.org 1F109382C40E DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=sourceware.org; s=default; t=1625567038; bh=guCoFv3QAcrYaxrzQdvMSImOHztRWAHkljyjJD+r/OA=; h=Date:In-Reply-To:References:Subject:To:List-Id:List-Unsubscribe: List-Archive:List-Post:List-Help:List-Subscribe:From:Reply-To:Cc: From; b=pqpVYoqaKo/n5sGps8YtyW37Oiufhl86r6iWY4fO560Fh5YTjI4W/pMHqEJB/6KI9 Yo0Fe/h7SXZmTEFJPBQ0ihW/mLdLtM2i5kd/+9VgVmFgg1JaFkGkfbv1mBhV8c9fPf eA/RNLdM/E7VYLlC1kdsuB+2ekmUqVadsbkcaUKg= X-Original-To: libc-alpha@sourceware.org Delivered-To: libc-alpha@sourceware.org Received: from mail-qk1-x74a.google.com (mail-qk1-x74a.google.com [IPv6:2607:f8b0:4864:20::74a]) by sourceware.org (Postfix) with ESMTPS id 553D6382C429 for ; Tue, 6 Jul 2021 10:22:53 +0000 (GMT) DMARC-Filter: OpenDMARC Filter v1.4.1 sourceware.org 553D6382C429 Received: by mail-qk1-x74a.google.com with SMTP id bi3-20020a05620a3183b02903b55bbe1ef9so203882qkb.13 for ; Tue, 06 Jul 2021 03:22:53 -0700 (PDT) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:date:in-reply-to:message-id:mime-version :references:subject:from:to:cc; bh=guCoFv3QAcrYaxrzQdvMSImOHztRWAHkljyjJD+r/OA=; b=ZX2O3Tx84ibEjFBkOYwv5o7KEUwgFVMd6fn5QUQViPj+BqIYBgB1cPGggjchYmnpfV jFSgjNyqiS/0rQ0J70jxd4mr+nYMfEg5K3AOlGD9lBHpWkzIvFHUWwY0xYH9Eealu+le miB3pSWeXWGZ6Hz4Dq++Fmq/NxBx7Z/9b9Lln7M54VyMcNQExcOqFm5T7h1lejgtCs9W RINWXv1uJOPL2qLlTH2JQ0uMds+DW8lkmUFvhV6EtO3xAsvE7M437WTamxgckRH/GIOj 8WggxF74CuTcSYNSPYw+O5kcPWsCI4pf0gd2R/Ievv6wsIK+EhHbOPIlNGiBQKFfOHXj knNw== X-Gm-Message-State: AOAM533Hd6ysW7TUiXdXCpdf0WPjF52s7cT8ayUP/V9xCPOkWzuJuxYg 8tkjwKuyxWW3bwfGQxJe01TZ503qZWrEmM6NBqgRXJp2BBHxMMsa3z0evm8imrrYLTI9Jsq3E+D U2gjHiChdO0nSbzwQkBVhPYfuJNPNno74rpv1PTnGoUzbQjvzwTGe97Xi2AtWCSDauKAGZSo= X-Google-Smtp-Source: ABdhPJwt7qUJpAQ5KBAwBVrACVwvimQYI/ctlRf0bmXl0WYIVZ4XMd/knshrrRWTGinxRCkaDap20Q8hgetESQ== X-Received: from sidereal.syd.corp.google.com ([2401:fa00:9:14:5de5:2842:4686:770d]) (user=sidereal job=sendgmr) by 2002:a05:6214:13d3:: with SMTP id cg19mr17676403qvb.50.1625566972866; Tue, 06 Jul 2021 03:22:52 -0700 (PDT) Date: Tue, 6 Jul 2021 20:21:32 +1000 In-Reply-To: <20210706102132.2170854-1-sidereal@google.com> Message-Id: <20210706102132.2170854-3-sidereal@google.com> Mime-Version: 1.0 References: <20210706102132.2170854-1-sidereal@google.com> X-Mailer: git-send-email 2.32.0.93.g670b81a890-goog Subject: [PATCH v4 2/2] rtld: Add tests for new --no-default-paths option To: libc-alpha@sourceware.org X-Spam-Status: No, score=-20.1 required=5.0 tests=BAYES_00, DKIMWL_WL_MED, DKIM_SIGNED, DKIM_VALID, DKIM_VALID_AU, DKIM_VALID_EF, GIT_PATCH_0, KAM_SHORT, RCVD_IN_DNSWL_NONE, SPF_HELO_NONE, SPF_PASS, TXREP, USER_IN_DEF_DKIM_WL autolearn=ham autolearn_force=no version=3.4.4 X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on server2.sourceware.org X-BeenThere: libc-alpha@sourceware.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: Libc-alpha mailing list List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-Patchwork-Original-From: Fergus Dall via Libc-alpha From: Fergus Dall Reply-To: Fergus Dall Cc: fweimer@redhat.com, chromeos-toolchain@google.com, clumptini@google.com, Fergus Dall , joseph@codesourcery.com Errors-To: libc-alpha-bounces+patchwork=sourceware.org@sourceware.org Sender: "Libc-alpha" --- elf/Makefile | 15 ++++- elf/tst-no-default-paths-dlinfo.c | 96 ++++++++++++++++++++++++++++++ elf/tst-no-default-paths-dlopen.c | 97 +++++++++++++++++++++++++++++++ elf/tst-no-default-paths-helper.c | 69 ++++++++++++++++++++++ support/Makefile | 1 + support/support.h | 4 ++ support/support_paths.c | 6 ++ 7 files changed, 285 insertions(+), 3 deletions(-) create mode 100644 elf/tst-no-default-paths-dlinfo.c create mode 100644 elf/tst-no-default-paths-dlopen.c create mode 100644 elf/tst-no-default-paths-helper.c diff --git a/elf/Makefile b/elf/Makefile index 698a6ab985..267e920561 100644 --- a/elf/Makefile +++ b/elf/Makefile @@ -224,7 +224,7 @@ tests += restest1 preloadtest loadfail multiload origtest resolvfail \ tst-tls-ie tst-tls-ie-dlmopen argv0test \ tst-glibc-hwcaps tst-glibc-hwcaps-prepend tst-glibc-hwcaps-mask \ tst-tls20 tst-tls21 tst-dlmopen-dlerror tst-dlmopen-gethostbyname \ - tst-dl-is_dso + tst-dl-is_dso tst-no-default-paths-helper # reldep9 tests-internal += loadtest unload unload2 circleload1 \ neededtest neededtest2 neededtest3 neededtest4 \ @@ -232,7 +232,8 @@ tests-internal += loadtest unload unload2 circleload1 \ tst-ptrguard1 tst-stackguard1 tst-libc_dlvsym \ tst-create_format1 tst-tls-surplus tst-dl-hwcaps_split tests-container += tst-pldd tst-dlopen-tlsmodid-container \ - tst-dlopen-self-container tst-preload-pthread-libc + tst-dlopen-self-container tst-preload-pthread-libc \ + tst-no-default-paths-dlopen tst-no-default-paths-dlinfo test-srcs = tst-pathopt selinux-enabled := $(shell cat /selinux/enforce 2> /dev/null) ifneq ($(selinux-enabled),1) @@ -442,7 +443,8 @@ ifeq (yes,$(build-shared)) ifeq ($(run-built-tests),yes) tests-special += $(objpfx)tst-pathopt.out $(objpfx)tst-rtld-load-self.out \ $(objpfx)tst-rtld-preload.out $(objpfx)argv0test.out \ - $(objpfx)tst-rtld-help.out + $(objpfx)tst-rtld-help.out \ + $(objpfx)tst-no-default-paths-helper.out endif tests-special += $(objpfx)check-textrel.out $(objpfx)check-execstack.out \ $(objpfx)check-wx-segment.out \ @@ -1295,6 +1297,13 @@ tst-tst-dlopen-self-no-pie = yes CFLAGS-tst-dlopen-self-pie.c += $(pie-ccflag) LDFLAGS-tst-dlopen-self-container += -Wl,-rpath,\$$ORIGIN +$(objpfx)tst-no-default-paths-dlopen.out: $(objpfx)tst-no-default-paths-helper +$(objpfx)tst-no-default-paths-dlinfo.out: $(objpfx)tst-no-default-paths-helper +$(objpfx)tst-no-default-paths-helper.out: + touch $@ + $(evaluate-test) +$(objpfx)tst-no-default-paths-helper: $(libdl) $(objpfx)tst-no-default-paths-helper.o + CFLAGS-ifuncmain1pic.c += $(pic-ccflag) CFLAGS-ifuncmain1picstatic.c += $(pic-ccflag) CFLAGS-ifuncmain1staticpic.c += $(pic-ccflag) diff --git a/elf/tst-no-default-paths-dlinfo.c b/elf/tst-no-default-paths-dlinfo.c new file mode 100644 index 0000000000..b9f534f14d --- /dev/null +++ b/elf/tst-no-default-paths-dlinfo.c @@ -0,0 +1,96 @@ +/* Test that dlinfo respects --no-default-paths + Copyright (C) 2021 Free Software Foundation, Inc. + This file is part of the GNU C Library. + + The GNU C Library is free software; you can redistribute it and/or + modify it under the terms of the GNU Lesser General Public + License as published by the Free Software Foundation; either + version 2.1 of the License, or (at your option) any later version. + + The GNU C Library is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + Lesser General Public License for more details. + + You should have received a copy of the GNU Lesser General Public + License along with the GNU C Library; if not, see + . */ + +#include +#include +#include +#include +#include +#include + +const char libs_dir[] = "/tmp/tst-no-default-paths-dlinfo"; +const char elf_dir[] = "/elf"; +const char marker_lib[] = "/libmarkermod1.so"; +const char libc[] = "/" LIBC_SO; +const char libdl[] = "/" LIBDL_SO; +const char helper_program[] = "/tst-no-default-paths-helper"; + +// Link system lib into libs_dir so the child process can access it +static void +link_system_lib_to_dir (const char *system_lib) +{ + char lib_src[4096] = {}; + strcpy (lib_src, support_slibdir_prefix); + strcat (lib_src, system_lib); + + char lib_dest[4096] = {}; + strcpy (lib_dest, libs_dir); + strcat (lib_dest, system_lib); + + unlink (lib_dest); + xsymlink (lib_src, lib_dest); +} + +// Link libmarker into libs_dir also +static void +link_libmarker (void) +{ + char marker_src[4096] = {}; + strcpy (marker_src, support_objdir_root); + strcat (marker_src, elf_dir); + strcat (marker_src, marker_lib); + + char marker_dest[4096] = {}; + strcpy (marker_dest, libs_dir); + strcat (marker_dest, marker_lib); + + unlink (marker_dest); + xsymlink (marker_src, marker_dest); +} + +static int +do_test (void) +{ + xmkdirp (libs_dir, 0755); + + link_system_lib_to_dir (libc); + link_system_lib_to_dir (libdl); + link_libmarker (); + + char helper_path[4096] = {}; + strcpy (helper_path, support_objdir_root); + strcat (helper_path, elf_dir); + strcat (helper_path, helper_program); + + char *const argv[] = + { + strdup (support_container_elf_ldso_path), + strdup ("--no-default-paths"), + strdup ("--library-path"), + strdup (libs_dir), + helper_path, + strdup ("dlinfo"), + NULL + }; + + int ret = support_subprogram_wait (argv[0], argv); + + return WEXITSTATUS (ret); +} + +#include diff --git a/elf/tst-no-default-paths-dlopen.c b/elf/tst-no-default-paths-dlopen.c new file mode 100644 index 0000000000..c74beaa970 --- /dev/null +++ b/elf/tst-no-default-paths-dlopen.c @@ -0,0 +1,97 @@ +/* Test that --no-default-paths doesn't search system dirs + Copyright (C) 2021 Free Software Foundation, Inc. + This file is part of the GNU C Library. + + The GNU C Library is free software; you can redistribute it and/or + modify it under the terms of the GNU Lesser General Public + License as published by the Free Software Foundation; either + version 2.1 of the License, or (at your option) any later version. + + The GNU C Library is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + Lesser General Public License for more details. + + You should have received a copy of the GNU Lesser General Public + License along with the GNU C Library; if not, see + . */ + +#include +#include +#include +#include +#include +#include + +const char libs_dir[] = "/tmp/tst-no-default-paths-dlopen"; +const char elf_dir[] = "/elf"; +const char marker_lib[] = "/libmarkermod1.so"; +const char libc[] = "/" LIBC_SO; +const char libdl[] = "/" LIBDL_SO; +const char helper_program[] = "/tst-no-default-paths-helper"; + +// Link system lib into libs_dir so the child process can access it +static void +link_system_lib_to_dir (const char *system_lib) +{ + char lib_src[4096] = {}; + strcpy (lib_src, support_slibdir_prefix); + strcat (lib_src, system_lib); + + char lib_dest[4096] = {}; + strcpy (lib_dest, libs_dir); + strcat (lib_dest, system_lib); + + unlink (lib_dest); + xsymlink (lib_src, lib_dest); +} + +// Link libmarker into the system libs directory, where the child should *not* +// be able to find it. +static void +link_libmarker (void) +{ + char marker_src[4096] = {}; + strcpy (marker_src, support_objdir_root); + strcat (marker_src, elf_dir); + strcat (marker_src, marker_lib); + + char marker_dest[4096] = {}; + strcat (marker_dest, support_slibdir_prefix); + strcat (marker_dest, marker_lib); + + unlink (marker_dest); + xsymlink (marker_src, marker_dest); +} + +static int +do_test (void) +{ + xmkdirp (libs_dir, 0755); + + link_system_lib_to_dir (libc); + link_system_lib_to_dir (libdl); + link_libmarker (); + + char helper_path[4096] = {}; + strcpy (helper_path, support_objdir_root); + strcat (helper_path, elf_dir); + strcat (helper_path, helper_program); + + char *const argv[] = + { + strdup (support_container_elf_ldso_path), + strdup ("--no-default-paths"), + strdup ("--library-path"), + strdup (libs_dir), + helper_path, + strdup ("dlopen"), + NULL + }; + + int ret = support_subprogram_wait (argv[0], argv); + + return WEXITSTATUS (ret); +} + +#include diff --git a/elf/tst-no-default-paths-helper.c b/elf/tst-no-default-paths-helper.c new file mode 100644 index 0000000000..6ccab27deb --- /dev/null +++ b/elf/tst-no-default-paths-helper.c @@ -0,0 +1,69 @@ +/* Helper for --no-default-paths tests + Copyright (C) 2021 Free Software Foundation, Inc. + This file is part of the GNU C Library. + + The GNU C Library is free software; you can redistribute it and/or + modify it under the terms of the GNU Lesser General Public + License as published by the Free Software Foundation; either + version 2.1 of the License, or (at your option) any later version. + + The GNU C Library is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + Lesser General Public License for more details. + + You should have received a copy of the GNU Lesser General Public + License along with the GNU C Library; if not, see + . */ + +#include +#include +#include +#include +#include +#include + +const char marker_lib[] = "libmarkermod1.so"; +const char usage[] = "Call this as \"helper dlopen\" or \"helper dlinfo\"\n"; + +int +main (int argc, char *argv[]) +{ + if (argc < 2) + FAIL_EXIT1 (usage); + + int mode; + if (strcmp (argv[1], "dlopen") == 0) + mode = 0; + else if (strcmp (argv[1], "dlinfo") == 0) + mode = 1; + else + FAIL_EXIT1 (usage); + + void *handle = dlopen ("libmarkermod1.so", RTLD_LAZY); + if (handle == NULL) + { + if (mode) + FAIL_EXIT1 ("Failed to load libmarkermod1.so\n"); + return 0; + } + else if (handle && mode == 0) + FAIL_EXIT1 ("Loaded libmarkermod1.so successfully!\n"); + + Dl_serinfo *buffer = xmalloc (sizeof(*buffer)); + if (dlinfo (handle, RTLD_DI_SERINFOSIZE, buffer)) + FAIL_EXIT1 ("dlinfo failed: %s\n", dlerror()); + + buffer = xrealloc (buffer, buffer->dls_size); + if (dlinfo (handle, RTLD_DI_SERINFO, buffer)) + FAIL_EXIT1 ("dlinfo failed: %s\n", dlerror ()); + + // Checking if two paths are equal is tricky, so just check that there's + // exactly one and that it starts with /tmp, which should be sufficient to + // prove that the system paths have been excluded. + TEST_VERIFY_EXIT (buffer->dls_cnt == 1); + const char *name = buffer->dls_serpath[0].dls_name; + TEST_VERIFY_EXIT (strstr (name, "/tmp") == name); + + return 0; +} diff --git a/support/Makefile b/support/Makefile index 5c69f0de4b..9730f6b7dc 100644 --- a/support/Makefile +++ b/support/Makefile @@ -212,6 +212,7 @@ CFLAGS-support_paths.c = \ -DSRCDIR_PATH=\"`cd .. ; pwd`\" \ -DOBJDIR_PATH=\"`cd $(objpfx)/..; pwd`\" \ -DOBJDIR_ELF_LDSO_PATH=\"`cd $(objpfx)/..; pwd`/elf/$(rtld-installed-name)\" \ + -DCONTAINER_ELF_LDSO_PATH=\"$(rtlddir)/$(rtld-installed-name)\" \ -DINSTDIR_PATH=\"$(prefix)\" \ -DLIBDIR_PATH=\"$(libdir)\" \ -DBINDIR_PATH=\"$(bindir)\" \ diff --git a/support/support.h b/support/support.h index 9ec8ecb8d7..21f994067d 100644 --- a/support/support.h +++ b/support/support.h @@ -108,6 +108,10 @@ extern const char support_objdir_root[]; e.g. OBJDIR_PATH/elf/ld-linux-x86-64.so.2 */ extern const char support_objdir_elf_ldso[]; +/* Corresponds to the path to the runtime linker for containerised tests, + e.g. /lib64/ld-linux-x86-64.so.2 */ +extern const char support_container_elf_ldso_path[]; + /* Corresponds to the --prefix= passed to configure. */ extern const char support_install_prefix[]; /* Corresponds to the install's lib/ or lib64/ directory. */ diff --git a/support/support_paths.c b/support/support_paths.c index d18e71e38b..4a14d4e78e 100644 --- a/support/support_paths.c +++ b/support/support_paths.c @@ -44,6 +44,12 @@ const char support_objdir_elf_ldso[] = OBJDIR_ELF_LDSO_PATH; # error please -DOBJDIR_ELF_LDSO_PATH=something in the Makefile #endif +#ifdef CONTAINER_ELF_LDSO_PATH +const char support_container_elf_ldso_path[] = CONTAINER_ELF_LDSO_PATH; +#else +# error please -DCONTAINER_ELF_LDSO_PATH=something in the Makefile +#endif + #ifdef INSTDIR_PATH /* Corresponds to the --prefix= passed to configure. */ const char support_install_prefix[] = INSTDIR_PATH;