[Bug dynamic-link/22745] _nptl_setxid can loop forever if a dlmopen namespace tries to initialise pthreads after the main namespace does

["carlos at redhat dot com" <sourceware-bugzilla at sourceware dot org>]

https://sourceware.org/bugzilla/show_bug.cgi?id=22745

--- Comment #6 from Carlos O'Donell <carlos at redhat dot com> ---
(In reply to Vivek Das Mohapatra from comment #5)
> (In reply to Carlos O'Donell from comment #4)
> > We should try to flesh out partial isolation first, but must keep full
> > isolation working for LD_AUDIT.
> > 
> > https://sourceware.org/glibc/wiki/LinkerNamespaces
> 
> I take your point(s) about the limitations of RTLD_UNIQUE - my thought was
> that to start with I could use it for libc/libpthread (by using the flag
> explicitly in libcapsule) which don't have further dependencies - everything
> else I need to share is/would be handled by creating a shim library which 
> managed data sharing at a higher level.
> 
> The default behaviour would still be total isolation, as happens now.

Consider the case where a new library in a new namespace dlopen's libpthread to
create new threads. This dlopen will not be made with RTLD_UNIQUE and these new
threads will be unknown to the base namespace. Instead the base namespace
should load libpthread and make it available in the non-base namespace. This
way the base namespace is aware that there are threads now, and that seteuid
must iterate over them properly. I expect we need a SONAME list and all load's
from that SONAME list must first happen in the base namespace, and then be
linked into the non-base namespace. The SONAME list is minimally libc.so.6,
libpthread.so.0, libdl.so.2, libgcc_s.so.1 (from gcc for unwinding), with maybe
libm.so.6 for future proofing, basically anything that constitutes the
implementation. This filtered loading should be turned off for total isolation
namespaces required for LD_AUDIT using an internal dlopen flag.

-- 
You are receiving this mail because:
You are on the CC list for the bug.