This is the mail archive of the
libc-alpha@sourceware.org
mailing list for the glibc project.
Re: What does LAV_CURRENT mean backwards compatibility of LD_AUDIT interface?
- From: "Carlos O'Donell" <carlos at redhat dot com>
- To: Ben Woodard <woodard at redhat dot com>, Roland McGrath <roland at hack dot frob dot com>
- Cc: GNU C Library <libc-alpha at sourceware dot org>, "Joseph S. Myers" <joseph at codesourcery dot com>
- Date: Fri, 20 Mar 2015 12:12:09 -0400
- Subject: Re: What does LAV_CURRENT mean backwards compatibility of LD_AUDIT interface?
- Authentication-results: sourceware.org; auth=none
- References: <54EFBC96 dot 7010608 at redhat dot com> <5507BE70 dot 4090800 at redhat dot com> <20150318215629 dot 2BA1D2C3B30 at topped-with-meat dot com> <550A1A30 dot 2020500 at redhat dot com> <20150319192738 dot D24212C3B11 at topped-with-meat dot com> <30A52510-F5CC-47EE-8E59-8843E7794102 at redhat dot com> <20150319210017 dot 1AF7D2C3B38 at topped-with-meat dot com> <0CEFE5DF-50CB-47D7-BD2F-AAE55A8C0064 at redhat dot com>
On 03/19/2015 06:38 PM, Ben Woodard wrote:
> I would agree and say that the implications are:
>
> 1) in the code fragment in the man page and in the example audit
> libraries in glibc we shouldn't just abort when the version passed
> into la_version() doesn't match the compiled in LAV_CURRENT. It
> should return the version of the audit interface that it was designed
> to use. Suggesting in the documentation that audit libraries simply
> return the version parameter that was passed into them seems ill
> advised.
Agreed, please send patches for that.
Please also send patches to the linux kernel man pages project.
> 2) at some point in the future if we have a not completely backward
> compatible change to the audit interface, we need to decide what to
> do when and if an audit library returns a version that glibc doesn't
> want to support anymore. However, I think that the odds of this
> happening before we have a successor to Linux and ELF are vanishingly
> unlikely.
The loader can detect that the audit module returned a version it doesn't
implement, and unload the module. The modules destructors can do any
cleanup and terminate the process of auditing was required.
In essence the loader lies to the module, sees what it wants, and then
unloads it if it can't meet that obligation.
Cheers,
Carlos.