This is the mail archive of the
libc-alpha@sourceware.org
mailing list for the glibc project.
Re: [PATCH][v2] Add dynamic linker support for $EXEC_ORIGIN.
* Paul Pluzhnikov:
> On Wed, Oct 25, 2017 at 8:36 AM, Szabolcs Nagy <szabolcs.nagy@arm.com> wrote:
>
>> and Rich Felker notes that it can be hacked around
>> without elf changes using wrapper scripts like
>>
>> exec /lib/ld-linux.so.2 --library-path /path/with/dso/symlinks
>> /path/to/exe "$@"
>
> That hack has its own set of problems. E.g. it doesn't work for Java,
> which likes to set environment variables to its liking and then
> re-execs itself.
Neither $ORIGIN nor $EXEC_ORIGIN work reliably for Java because the
the JIT compiler needs a special SELinux policy, and AT_SECURE
disables both linker expansions.
I'm not sure whether the solution is a kernel feature through which a
sufficiently privileged process can launch a process with AT_SECURE=0,
or to fix Java (or more precisely, OpenJDK) not to use $ORIGIN
anymore.
(I haven't seen the re-execing you describe, though.)