From: Rich Felker <dalias@libc.org>
To: Markus Mayer <mmayer@broadcom.com>
Cc: Musl Mailing List <musl@lists.openwall.com>
Subject: Re: [musl] [PATCH 1/1] ldso: continue searching if wrong architecture is found first
Date: Wed, 7 Feb 2024 12:30:24 -0500 [thread overview]
Message-ID: <20240207173023.GX4163@brightrain.aerifal.cx> (raw)
In-Reply-To: <20240207012247.1121273-2-mmayer@broadcom.com>
On Tue, Feb 06, 2024 at 05:22:43PM -0800, Markus Mayer wrote:
> When LD_LIBRARY_PATH is being used, the shared library loader may end up
> finding a shared library with the correct name but from a wrong
> architecture. This primarily happens when a 32-bit / 64-bit mismatch
> occurs.
>
> Rather than giving up immediately and aborting, the shared library
> loader should continue to look in all known locations for a matching
> library that may work.
I don't think the concept is objectionable, but the implementation
looks wrong in at least two major ways:
1. It does not seem to continue the path search where it left off, but
just skips the rest of the LD_LIBRARY_PATH search on retry. Yes
this solves your problem of having a wrong-arch path element
present, but it breaks search of any correct-arch path elements
also present later there. This might not be a big deal, but it
strongly violates principle of least surprise, I think.
The bigger one is:
2. No consideration is made for the *cause of failure* when retrying.
Any in particular, lots of potential errors that were supposed to
be reportable errors now turn into vectors for loading the wrong
library, potentially under control of malicious inputs or
environmental factors (kernel resource exhaustion, etc.).
If "wrong library arch" is going to be a continue-path-search
operation, it needs to be distinguishable (as "we successfully read
the Ehdrs and determined the library is not suitable for this arch")
from inconclusive errors (like out-of-memory, too many mmaps, etc.)
This probably means some minor refactoring is called for, replacing
the open calls in path_open and the direct use of open for absolute
paths by a new function like lib_open or something that would also
place the start of the file into a caller-provided buffer and validate
that it's usable before returning success, moving that logic out of
map_library and letting map_library assume it already has the initial
buffer contents available on entry.
If you think there are less invasive ways to do this, I'd be happy to
hear other ideas too.
Rich
next prev parent reply other threads:[~2024-02-07 17:30 UTC|newest]
Thread overview: 13+ messages / expand[flat|nested] mbox.gz Atom feed top
2024-02-07 1:22 [musl] [PATCH 0/1] ldso: continue searching if wrong architecture is found Markus Mayer
2024-02-07 1:22 ` [musl] [PATCH 1/1] ldso: continue searching if wrong architecture is found first Markus Mayer
2024-02-07 17:30 ` Rich Felker [this message]
2024-02-07 19:10 ` i262jq
2024-02-07 19:51 ` Thorsten Glaser
2024-02-08 15:52 ` i262jq
2024-02-07 20:59 ` Markus Mayer
2024-02-07 8:26 ` [musl] [PATCH 0/1] ldso: continue searching if wrong architecture is found i262jq
2024-02-07 16:45 ` enh
2024-02-07 17:07 ` Thorsten Glaser
2024-02-07 17:54 ` enh
2024-02-07 18:09 ` Colin Cross
2024-04-02 20:59 ` Markus Mayer
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20240207173023.GX4163@brightrain.aerifal.cx \
--to=dalias@libc.org \
--cc=mmayer@broadcom.com \
--cc=musl@lists.openwall.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
Code repositories for project(s) associated with this public inbox
https://git.vuxu.org/mirror/musl/
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).