From patchwork Tue May 25 02:25:54 2021
Content-Type: text/plain; charset="utf-8"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
X-Patchwork-Submitter: Fergus Dall <sidereal@google.com>
X-Patchwork-Id: 43559
Return-Path: <libc-alpha-bounces@sourceware.org>
X-Original-To: patchwork@sourceware.org
Delivered-To: patchwork@sourceware.org
Received: from server2.sourceware.org (localhost [IPv6:::1])
	by sourceware.org (Postfix) with ESMTP id D6F70385BF9D;
	Tue, 25 May 2021 02:26:10 +0000 (GMT)
DKIM-Filter: OpenDKIM Filter v2.11.0 sourceware.org D6F70385BF9D
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=sourceware.org;
	s=default; t=1621909570;
	bh=FYVjju+K+mrq0ZRXucwmF77y9e5LqbTg33Rt49JJ794=;
	h=Date:Subject:To:List-Id:List-Unsubscribe:List-Archive:List-Post:
	 List-Help:List-Subscribe:From:Reply-To:Cc:From;
	b=glfAMxlN3zr4lo3OjPaHixxJSp9kGzMmehq/d0pUMxA0FYlXkkAXyi2jWC/DvIuSY
	 a/uWOLo0X3f7KHEMnfIl4HUagrqQY+mN9MnjMoOsa0kcEGuyD5jK++me/NR3Z1bW6b
	 7w3gqSK63uQTzLnmTAW1G4wtXHiDsqQ1wwzSSoag=
X-Original-To: libc-alpha@sourceware.org
Delivered-To: libc-alpha@sourceware.org
Received: from mail-lf1-x135.google.com (mail-lf1-x135.google.com
 [IPv6:2a00:1450:4864:20::135])
 by sourceware.org (Postfix) with ESMTPS id B9A52385802A
 for <libc-alpha@sourceware.org>; Tue, 25 May 2021 02:26:07 +0000 (GMT)
DMARC-Filter: OpenDMARC Filter v1.3.2 sourceware.org B9A52385802A
Received: by mail-lf1-x135.google.com with SMTP id j6so40866225lfr.11
 for <libc-alpha@sourceware.org>; Mon, 24 May 2021 19:26:07 -0700 (PDT)
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=1e100.net; s=20161025;
 h=x-gm-message-state:mime-version:from:date:message-id:subject:to:cc;
 bh=FYVjju+K+mrq0ZRXucwmF77y9e5LqbTg33Rt49JJ794=;
 b=jgHi0TMSXs4NEiYbreTeBbLwCMN9e/KQPy+lRKX9+DtPIoVsOL5+qzX8cmQy9+KNPu
 IQAJ42uNKfzzsSCnQuTEHrTB2mUFdZxXMmuGOFQa7Dw+NzpOumJNGpZswNIO6NTaIu7U
 EN1vINaxbU/JqppR2Yng+7/a8i9oPmaEs/d5bAbDlSBEWMlc99zSQwPrLTjzaFbaVbDd
 lOcasGhiXgObaCRj4DCqOvHF4nb/nDcPpN+5WwwJCgGo8IflXWan5yH1J0JoZhBKes21
 vISZ/yowwqF7gde9MNtkqmXcqSCuEV4m/vWfNH+E6DJhveDYZTnJhh4NBJ5iUgacsg/l
 +5bw==
X-Gm-Message-State: AOAM531eORds+D0VNjHqwyU6n8tCOY2Cu9L2Wwgew15L/KcjiY/rOMEj
 LuJMiJ/iWRri5a1TvgWmNV3osfkC87cYukB0uNeNYogz+Zn56g==
X-Google-Smtp-Source: 
 ABdhPJwIk8FFMcjPbbGPHcCINsZjMBGhLLxG9fndiayNqgLdS4vOvFraRd6v5ogaqIyJyz1TfRYlBakA9WCALk8Bxh0=
X-Received: by 2002:ac2:5447:: with SMTP id d7mr11976707lfn.348.1621909566064;
 Mon, 24 May 2021 19:26:06 -0700 (PDT)
MIME-Version: 1.0
Date: Tue, 25 May 2021 12:25:54 +1000
Message-ID: 
 <CAAjxMxeFR9z6KNc5V2itQB9k7tsLWbojRvQcTGFv1tPbjfKUQg@mail.gmail.com>
Subject: [PATCH] rtld: Add --no-default-paths option
To: libc-alpha@sourceware.org
X-Spam-Status: No, score=-26.5 required=5.0 tests=BAYES_00, DKIMWL_WL_MED,
 DKIM_SIGNED, DKIM_VALID, DKIM_VALID_AU, DKIM_VALID_EF, ENV_AND_HDR_SPF_MATCH,
 GIT_PATCH_0, RCVD_IN_DNSWL_NONE, SPF_HELO_NONE, SPF_PASS, TXREP,
 USER_IN_DEF_DKIM_WL,
 USER_IN_DEF_SPF_WL autolearn=ham autolearn_force=no version=3.4.2
X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on
 server2.sourceware.org
X-BeenThere: libc-alpha@sourceware.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Libc-alpha mailing list <libc-alpha.sourceware.org>
List-Unsubscribe: <https://sourceware.org/mailman/options/libc-alpha>,
 <mailto:libc-alpha-request@sourceware.org?subject=unsubscribe>
List-Archive: <https://sourceware.org/pipermail/libc-alpha/>
List-Post: <mailto:libc-alpha@sourceware.org>
List-Help: <mailto:libc-alpha-request@sourceware.org?subject=help>
List-Subscribe: <https://sourceware.org/mailman/listinfo/libc-alpha>,
 <mailto:libc-alpha-request@sourceware.org?subject=subscribe>
X-Patchwork-Original-From: Fergus Dall via Libc-alpha
 <libc-alpha@sourceware.org>
From: Fergus Dall <sidereal@google.com>
Reply-To: Fergus Dall <sidereal@google.com>
Cc: Mike Frysinger <vapier@google.com>, clumptini <clumptini@google.com>,
 chromeos-toolchain@google.com
Errors-To: libc-alpha-bounces@sourceware.org
Sender: "Libc-alpha" <libc-alpha-bounces@sourceware.org>

This option causes the default library search path to be skipped,
using only the paths in DT_RPATH, LD_LIBRARY_PATH, and
DT_RUNPATH. This option implies --inhibit-cache, as there is no point
in searching a cache of system libraries when we are not using the
system libraries at all.

This is necessary to preserve negative search results when isolating
applications from the system libraries. This can be important when an
application uses dlopen at run time to load optional libraries.

When a shared library is required by the application, it can be
isolated by putting appropriate versions of the libraries in
directories specified in LD_LIBRARY_PATH, because the library search
will always terminate before potentially loading any system libraries.

On the other hand, if the application should be run without an
optional library, the search will proceed past the LD_LIBRARY_PATH
directories into the default system libraries, potentially causing an
incorrect library to be linked.

From bf76dfcdd411a0394957b7a7ce8ee7c47d997036 Mon Sep 17 00:00:00 2001
From: Fergus Dall <sidereal@google.com>
Date: Fri, 21 May 2021 17:16:38 +1000
Subject: [PATCH] rtld: Add --no-default-paths option
To: libc-alpha@sourceware.org
Cc: chromeos-toolchain@google.com,
    vapier@google.com,
    clumptini@google.com

This option causes the default library search path to be skipped,
using only the paths in DT_RPATH, LD_LIBRARY_PATH, and
DT_RUNPATH. This option implies --inhibit-cache, as there is no point
in searching a cache of system libraries when we are not using the
system libraries at all.

This is necessary to preserve negative search results when isolating
applications from the system libraries. This can be important when an
application uses dlopen at run time to load optional libraries.

When a shared library is required by the application, it can be
isolated by putting appropriate versions of the libraries in
directories specified in LD_LIBRARY_PATH, because the library search
will always terminate before potentially loading any system libraries.

On the other hand, if the application should be run without an
optional library, the search will proceed past the LD_LIBRARY_PATH
directories into the default system libraries, potentially causing an
incorrect library to be linked.
---
 elf/dl-load.c              |  6 ++++--
 elf/dl-support.c           |  2 ++
 elf/dl-usage.c             |  2 ++
 elf/rtld.c                 | 10 ++++++++++
 sysdeps/generic/ldsodefs.h |  3 +++
 5 files changed, 21 insertions(+), 2 deletions(-)

diff --git a/elf/dl-load.c b/elf/dl-load.c
index 918ec7546c..4ed0d1767c 100644
--- a/elf/dl-load.c
+++ b/elf/dl-load.c
@@ -2258,7 +2258,8 @@ _dl_map_object (struct link_map *loader, const char *name,
       if (fd == -1
 	  && ((l = loader ?: GL(dl_ns)[nsid]._ns_loaded) == NULL
 	      || __glibc_likely (!(l->l_flags_1 & DF_1_NODEFLIB)))
-	  && __rtld_search_dirs.dirs != (void *) -1)
+	  && __rtld_search_dirs.dirs != (void *) -1
+	  && __glibc_likely (GLRO(dl_no_default_paths) == 0))
 	fd = open_path (name, namelen, mode, &__rtld_search_dirs,
 			&realname, &fb, l, LA_SER_DEFAULT, &found_other_class);
 
@@ -2438,7 +2439,8 @@ _dl_rtld_di_serinfo (struct link_map *loader, Dl_serinfo *si, bool counting)
      a way to indicate that in the results for Dl_serinfo.  */
 
   /* Finally, try the default path.  */
-  if (!(loader->l_flags_1 & DF_1_NODEFLIB))
+  if (!(loader->l_flags_1 & DF_1_NODEFLIB)
+      && __glibc_likely (GLRO(dl_no_default_paths) == 0))
     add_path (&p, &__rtld_search_dirs, XXX_default);
 
   if (counting)
diff --git a/elf/dl-support.c b/elf/dl-support.c
index dfc9ab760e..36261ed080 100644
--- a/elf/dl-support.c
+++ b/elf/dl-support.c
@@ -144,6 +144,8 @@ size_t _dl_minsigstacksize = CONSTANT_MINSIGSTKSZ;
 
 int _dl_inhibit_cache;
 
+int _dl_no_default_paths;
+
 unsigned int _dl_osversion;
 
 /* All known directories in sorted order.  */
diff --git a/elf/dl-usage.c b/elf/dl-usage.c
index 5ad3a72559..f0c1a38eab 100644
--- a/elf/dl-usage.c
+++ b/elf/dl-usage.c
@@ -247,6 +247,8 @@ setting environment variables (which would be inherited by subprocesses).\n\
   --inhibit-cache       Do not use " LD_SO_CACHE "\n\
   --library-path PATH   use given PATH instead of content of the environment\n\
                         variable LD_LIBRARY_PATH\n\
+  --no-default-paths    Do not use the default library search path\n\
+                        This option implies --inhibit-cache\n\
   --glibc-hwcaps-prepend LIST\n\
                         search glibc-hwcaps subdirectories in LIST\n\
   --glibc-hwcaps-mask LIST\n\
diff --git a/elf/rtld.c b/elf/rtld.c
index fbbd60b446..89183107e4 100644
--- a/elf/rtld.c
+++ b/elf/rtld.c
@@ -360,6 +360,7 @@ struct rtld_global_ro _rtld_global_ro attribute_relro =
     ._dl_fpu_control = _FPU_DEFAULT,
     ._dl_pagesize = EXEC_PAGESIZE,
     ._dl_inhibit_cache = 0,
+    ._dl_no_default_paths = 0,
 
     /* Function pointers.  */
     ._dl_debug_printf = _dl_debug_printf,
@@ -1204,6 +1205,15 @@ dl_main (const ElfW(Phdr) *phdr,
 	    _dl_argc -= 2;
 	    _dl_argv += 2;
 	  }
+        else if (! strcmp (_dl_argv[1], "--no-default-paths"))
+          {
+            GLRO(dl_no_default_paths) = 1;
+            GLRO(dl_inhibit_cache) = 1;
+
+	    ++_dl_skip_args;
+	    --_dl_argc;
+	    ++_dl_argv;
+          }
 	else if (! strcmp (_dl_argv[1], "--inhibit-rpath")
 		 && _dl_argc > 2)
 	  {
diff --git a/sysdeps/generic/ldsodefs.h b/sysdeps/generic/ldsodefs.h
index e383aa1dc3..e01ddd7b4b 100644
--- a/sysdeps/generic/ldsodefs.h
+++ b/sysdeps/generic/ldsodefs.h
@@ -551,6 +551,9 @@ struct rtld_global_ro
   /* Do we read from ld.so.cache?  */
   EXTERN int _dl_inhibit_cache;
 
+  /* Do we search the default system paths? */
+  EXTERN int _dl_no_default_paths;
+
   /* Copy of the content of `_dl_main_searchlist' at startup time.  */
   EXTERN struct r_scope_elem _dl_initial_searchlist;
 
-- 
2.31.1.818.g46aad6cb9e-goog