From patchwork Thu May 27 13:55:45 2021 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Fergus Dall X-Patchwork-Id: 43606 Return-Path: X-Original-To: patchwork@sourceware.org Delivered-To: patchwork@sourceware.org Received: from server2.sourceware.org (localhost [IPv6:::1]) by sourceware.org (Postfix) with ESMTP id 23E6C3955402; Thu, 27 May 2021 13:56:02 +0000 (GMT) DKIM-Filter: OpenDKIM Filter v2.11.0 sourceware.org 23E6C3955402 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=sourceware.org; s=default; t=1622123762; bh=MjLMouSnmY4k83TK6HYAIM1q1twpABE9YgISFOeueUs=; h=Date:Subject:To:List-Id:List-Unsubscribe:List-Archive:List-Post: List-Help:List-Subscribe:From:Reply-To:Cc:From; b=Cvj3eTDSfsWGHO9EUfeiUvqriPaC1nXBOxQ2q/nYQ8IuUt72ni37Z+VDUQokn5FqE PH37VNNlMPDXwqpUhfwiJ9KuMmiJeEIMuQmOeP/mfxhbNkeAMf6SeMWlN3HDQbh7E6 lqxbb9nZZuCqWa6PO62JDru3ZPhltWQWE4Netefg= X-Original-To: libc-alpha@sourceware.org Delivered-To: libc-alpha@sourceware.org Received: from mail-lj1-x231.google.com (mail-lj1-x231.google.com [IPv6:2a00:1450:4864:20::231]) by sourceware.org (Postfix) with ESMTPS id EC4AB3858023 for ; Thu, 27 May 2021 13:55:58 +0000 (GMT) DMARC-Filter: OpenDMARC Filter v1.3.2 sourceware.org EC4AB3858023 Received: by mail-lj1-x231.google.com with SMTP id c15so917157ljr.7 for ; Thu, 27 May 2021 06:55:58 -0700 (PDT) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:from:date:message-id:subject:to:cc; bh=MjLMouSnmY4k83TK6HYAIM1q1twpABE9YgISFOeueUs=; b=JbDfAkvNNojwU6UoeZLl/360C4J09nvG+t1eTloA+IjtVwUsVKxhY1ZXPxtxx+GTCf wL3QRTUIHfsR0GQ2kDJ4Ph2VmUmKP+UbTzwIJAEddvpD0VLWquv17sFBMEF5a5SjyepY 4F/M8N2FnsaEB4V0Lrbdn1WZhRIlFjxs5ceu8L8RsjPsYeY5+MtKdQ0dPg9TOw3KjKim Hqqdg2ZK9Qoxe1VVTTHqTI8lrkm8iqOSvCApRghinG4BhoJ/inJB5axlhLsHnn5ySYKH Vug3215ENI7yEKrqRccUrXZCDKun+9hAntTC0Pk4UxxXEYjAwHqGkYPuEGrZFj7KeRdC QVqA== X-Gm-Message-State: AOAM531vhdrUOa4sL2oLbJU7EFoZ0mOtNlZWBY5J9DKiHzU6V+260sNa JCCQZI2VPx/O6EK8IvJ9KXLU6X2XEP9wQO6rdz4eGiI1xci6lQ== X-Google-Smtp-Source: ABdhPJwHp3+koBZJqM3WOKik5F5t1Whw2UNK9qe6ktIzhYht4i4V9FvjQ1ReK89qzALHTspV2J9sUFAvrTqj1YKee+I= X-Received: by 2002:a05:651c:156:: with SMTP id c22mr2749563ljd.175.1622123757038; Thu, 27 May 2021 06:55:57 -0700 (PDT) MIME-Version: 1.0 Date: Thu, 27 May 2021 23:55:45 +1000 Message-ID: Subject: [PATCH v2 1/2] rtld: Add --no-default-paths option To: libc-alpha@sourceware.org X-Spam-Status: No, score=-26.1 required=5.0 tests=BAYES_00, DKIMWL_WL_MED, DKIM_SIGNED, DKIM_VALID, DKIM_VALID_AU, DKIM_VALID_EF, ENV_AND_HDR_SPF_MATCH, GIT_PATCH_0, RCVD_IN_DNSWL_NONE, SPF_HELO_NONE, SPF_PASS, TXREP, USER_IN_DEF_DKIM_WL, USER_IN_DEF_SPF_WL autolearn=ham autolearn_force=no version=3.4.2 X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on server2.sourceware.org X-BeenThere: libc-alpha@sourceware.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: Libc-alpha mailing list List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-Patchwork-Original-From: Fergus Dall via Libc-alpha From: Fergus Dall Reply-To: Fergus Dall Cc: Mike Frysinger , clumptini , chromeos-toolchain@google.com Errors-To: libc-alpha-bounces@sourceware.org Sender: "Libc-alpha" Changes from previous patchset: I've taken vapier's suggestion to use positive variable names, added a NEWS entry, and a pair of tests. The tests turned out to be much larger than the primary change, so I've split them into a separate patch. -- 8< -- This option causes the default library search path to be skipped, using only the paths in DT_RPATH, LD_LIBRARY_PATH, and DT_RUNPATH. This option implies --inhibit-cache, as there is no point in searching a cache of system libraries when we are not using the system libraries at all. This is necessary to preserve negative search results when isolating applications from the system libraries. This can be important when an application uses dlopen at run time to load optional libraries. When a shared library is required by the application, it can be isolated by putting appropriate versions of the libraries in directories specified in LD_LIBRARY_PATH, because the library search will always terminate before potentially loading any system libraries. On the other hand, if the application should be run without an optional library, the search will proceed past the LD_LIBRARY_PATH directories into the default system libraries, potentially causing an incorrect library to be linked. From 61d66e7ddca5f7a2dedf240c940ccb76b45946a9 Mon Sep 17 00:00:00 2001 From: Fergus Dall Date: Fri, 21 May 2021 17:16:38 +1000 Subject: [PATCH v2 1/2] rtld: Add --no-default-paths option To: libc-alpha@sourceware.org Cc: chromeos-toolchain@google.com, clumptini@google.com, vapier@google.com This option causes the default library search path to be skipped, using only the paths in DT_RPATH, LD_LIBRARY_PATH, and DT_RUNPATH. This option implies --inhibit-cache, as there is no point in searching a cache of system libraries when we are not using the system libraries at all. This is necessary to preserve negative search results when isolating applications from the system libraries. This can be important when an application uses dlopen at run time to load optional libraries. When a shared library is required by the application, it can be isolated by putting appropriate versions of the libraries in directories specified in LD_LIBRARY_PATH, because the library search will always terminate before potentially loading any system libraries. On the other hand, if the application should be run without an optional library, the search will proceed past the LD_LIBRARY_PATH directories into the default system libraries, potentially causing an incorrect library to be linked. --- NEWS | 4 ++++ elf/dl-load.c | 6 ++++-- elf/dl-support.c | 2 ++ elf/dl-usage.c | 2 ++ elf/rtld.c | 10 ++++++++++ sysdeps/generic/ldsodefs.h | 3 +++ 6 files changed, 25 insertions(+), 2 deletions(-) diff --git a/NEWS b/NEWS index 266837bf2d..9fb4cf7e72 100644 --- a/NEWS +++ b/NEWS @@ -25,6 +25,10 @@ Major new features: * The ISO C2X function timespec_getres has been added. +* The dynamic linker has gained the --no-default-paths option, which + causes it to ignore libraries in the default system paths even if all + higher precedence locations have been searched. + Deprecated and removed features, and other changes affecting compatibility: * The function pthread_mutex_consistent_np has been deprecated; programs diff --git a/elf/dl-load.c b/elf/dl-load.c index 918ec7546c..cc02699bec 100644 --- a/elf/dl-load.c +++ b/elf/dl-load.c @@ -2258,7 +2258,8 @@ _dl_map_object (struct link_map *loader, const char *name, if (fd == -1 && ((l = loader ?: GL(dl_ns)[nsid]._ns_loaded) == NULL || __glibc_likely (!(l->l_flags_1 & DF_1_NODEFLIB))) - && __rtld_search_dirs.dirs != (void *) -1) + && __rtld_search_dirs.dirs != (void *) -1 + && __glibc_likely (GLRO(dl_search_default_paths))) fd = open_path (name, namelen, mode, &__rtld_search_dirs, &realname, &fb, l, LA_SER_DEFAULT, &found_other_class); @@ -2438,7 +2439,8 @@ _dl_rtld_di_serinfo (struct link_map *loader, Dl_serinfo *si, bool counting) a way to indicate that in the results for Dl_serinfo. */ /* Finally, try the default path. */ - if (!(loader->l_flags_1 & DF_1_NODEFLIB)) + if (!(loader->l_flags_1 & DF_1_NODEFLIB) + && __glibc_likely (GLRO(dl_search_default_paths))) add_path (&p, &__rtld_search_dirs, XXX_default); if (counting) diff --git a/elf/dl-support.c b/elf/dl-support.c index dfc9ab760e..def75550aa 100644 --- a/elf/dl-support.c +++ b/elf/dl-support.c @@ -144,6 +144,8 @@ size_t _dl_minsigstacksize = CONSTANT_MINSIGSTKSZ; int _dl_inhibit_cache; +int _dl_search_default_paths; + unsigned int _dl_osversion; /* All known directories in sorted order. */ diff --git a/elf/dl-usage.c b/elf/dl-usage.c index 5ad3a72559..b5ae44932a 100644 --- a/elf/dl-usage.c +++ b/elf/dl-usage.c @@ -247,6 +247,8 @@ setting environment variables (which would be inherited by subprocesses).\n\ --inhibit-cache Do not use " LD_SO_CACHE "\n\ --library-path PATH use given PATH instead of content of the environment\n\ variable LD_LIBRARY_PATH\n\ + --no-default-paths do not use the default library search path\n\ + (this option implies --inhibit-cache)\n\ --glibc-hwcaps-prepend LIST\n\ search glibc-hwcaps subdirectories in LIST\n\ --glibc-hwcaps-mask LIST\n\ diff --git a/elf/rtld.c b/elf/rtld.c index fbbd60b446..6f9bfcbadb 100644 --- a/elf/rtld.c +++ b/elf/rtld.c @@ -360,6 +360,7 @@ struct rtld_global_ro _rtld_global_ro attribute_relro = ._dl_fpu_control = _FPU_DEFAULT, ._dl_pagesize = EXEC_PAGESIZE, ._dl_inhibit_cache = 0, + ._dl_search_default_paths = 1, /* Function pointers. */ ._dl_debug_printf = _dl_debug_printf, @@ -1204,6 +1205,15 @@ dl_main (const ElfW(Phdr) *phdr, _dl_argc -= 2; _dl_argv += 2; } + else if (! strcmp (_dl_argv[1], "--no-default-paths")) + { + GLRO(dl_search_default_paths) = 0; + GLRO(dl_inhibit_cache) = 1; + + ++_dl_skip_args; + --_dl_argc; + ++_dl_argv; + } else if (! strcmp (_dl_argv[1], "--inhibit-rpath") && _dl_argc > 2) { diff --git a/sysdeps/generic/ldsodefs.h b/sysdeps/generic/ldsodefs.h index e383aa1dc3..f9f2c4126a 100644 --- a/sysdeps/generic/ldsodefs.h +++ b/sysdeps/generic/ldsodefs.h @@ -551,6 +551,9 @@ struct rtld_global_ro /* Do we read from ld.so.cache? */ EXTERN int _dl_inhibit_cache; + /* Do we search the default system paths? */ + EXTERN int _dl_search_default_paths; + /* Copy of the content of `_dl_main_searchlist' at startup time. */ EXTERN struct r_scope_elem _dl_initial_searchlist; -- 2.31.1.818.g46aad6cb9e-goog