From: i262jq@0w.se
To: musl@lists.openwall.com
Subject: Re: [musl] [PATCH 1/1] ldso: continue searching if wrong architecture is found first
Date: Wed, 7 Feb 2024 20:10:09 +0100 [thread overview]
Message-ID: <ZcPVkWI0/sMV/BYJ@localhost> (raw)
In-Reply-To: <20240207173023.GX4163@brightrain.aerifal.cx>
Dear Rich,
On Wed, Feb 07, 2024 at 12:30:24PM -0500, Rich Felker wrote:
> On Tue, Feb 06, 2024 at 05:22:43PM -0800, Markus Mayer wrote:
> > When LD_LIBRARY_PATH is being used, the shared library loader may end up
> > finding a shared library with the correct name but from a wrong
> > architecture. This primarily happens when a 32-bit / 64-bit mismatch
> > occurs.
> >
> > Rather than giving up immediately and aborting, the shared library
> > loader should continue to look in all known locations for a matching
> > library that may work.
>
> I don't think the concept is objectionable, but the implementation
I wonder how the loader would distinguish between "right" and "wrong"
if there are multiple libraries differing for example only in some minor
build option - which difference still can be crucial for the actual
application or for other used libraries?
In other words:
LD_LIBRARY_PATH is inherently unsafe when the applications can execute
other binaries than prepared by the same party, on a system not managed
by the same party.
Is it really worth to make LD_LIBRARY_PATH "more usable", but still unsafe?
To the contrary, relying on the explicit loader in a wrapper is totally
safe, because the path to the libraries is not inherited at any later
exec.
Are there any practical cases where the overhead of an extra execve()
of a small wrapper would be a noticeable problem?
> If you think there are less invasive ways to do this, I'd be happy to
> hear other ideas too.
The least invasive way might be to avoid introducing such support?
My perspective reflects years of handling third party applications and the
consequences of their use of LD_LIBRARY_PATH. This works - *mostly*.
At the same time, building and freely mixing applications linked
to a plethora of simultaneously available versions and instances of
libraries, this worked without any problems ever, thanks to the loader
with --library-path. AFAICS, reliance on checks in the loader would
never provide the same level of robustness, ease and flexibility.
Thanks for musl, regards,
/i262jq
next prev parent reply other threads:[~2024-02-07 19:10 UTC|newest]
Thread overview: 13+ messages / expand[flat|nested] mbox.gz Atom feed top
2024-02-07 1:22 [musl] [PATCH 0/1] ldso: continue searching if wrong architecture is found Markus Mayer
2024-02-07 1:22 ` [musl] [PATCH 1/1] ldso: continue searching if wrong architecture is found first Markus Mayer
2024-02-07 17:30 ` Rich Felker
2024-02-07 19:10 ` i262jq [this message]
2024-02-07 19:51 ` Thorsten Glaser
2024-02-08 15:52 ` i262jq
2024-02-07 20:59 ` Markus Mayer
2024-02-07 8:26 ` [musl] [PATCH 0/1] ldso: continue searching if wrong architecture is found i262jq
2024-02-07 16:45 ` enh
2024-02-07 17:07 ` Thorsten Glaser
2024-02-07 17:54 ` enh
2024-02-07 18:09 ` Colin Cross
2024-04-02 20:59 ` Markus Mayer
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=ZcPVkWI0/sMV/BYJ@localhost \
--to=i262jq@0w.se \
--cc=musl@lists.openwall.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
Code repositories for project(s) associated with this public inbox
https://git.vuxu.org/mirror/musl/
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).