This is the mail archive of the libc-alpha@sourceware.org mailing list for the glibc project.
Re: [PATCH] Implement _dl_catch_error, _dl_signal_error in libc.so [BZ #16628]
- From: Carlos O'Donell <carlos at redhat dot com>
- To: Florian Weimer <fweimer at redhat dot com>, GNU C Library <libc-alpha at sourceware dot org>
- Date: Wed, 30 Nov 2016 08:49:30 -0500
- Subject: Re: [PATCH] Implement _dl_catch_error, _dl_signal_error in libc.so [BZ #16628]
- Authentication-results: sourceware.org; auth=none
- References: <7650651f-f268-6405-c04c-61aa18d166f9@redhat.com>
On 11/14/2016 10:07 AM, Florian Weimer wrote:
> The attached patch depends on the elf/dl-load.c clean I posted today,
> and the addition of the __sigsetjmp hidden definitions on
> architectures which lack them.
>
> The removal of the two function pointers from libc.so (the one in
> rtld_global, and the receiver pointer internal to elf/dl-error.c) is
> desirable from a security perspective, too.

At a high level I think the design is much cleaner than the existing
confusion of function pointers that are manipulated during the startup
sequence.

I like that the libc.so versions are used once symbol interposition is
enabled, though in the long run I think we need to do something to more
clearly mark exactly when that transition happens and how to clean up
before it. The dl-minimal malloc transition isn't always that clear and
has caused some problems in the past. I see you're using l_relocated != 0
to detect if it's been malloc'd, and that's the kind of thing we might
eventually turn into some easier-to-use API.

Regarding the test case, tst-latepthreadmod, it seems to me that it tests
only the interposed libc.so versions of the try/catch framework? A test
that verifies the ld.so try/catch minimal hooks would require a failure
_before_ relocation, like say loading an LD_AUDIT object early and having
it fail.

While I think it's great coverage to test the try/catch hooks, I think we
probably need just one more test case marked XFAIL that loads a broken
LD_AUDIT object to verify the ld.so side of the hooks before transition
to the libc.so versions?

--
Cheers,
Carlos.
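
The try/catch pairing discussed in this thread, modelled as an added example that is not part of the original message and is not glibc's code: an error is delivered by a direct call that unwinds with siglongjmp to the innermost sigsetjmp frame, so no function pointer held in writable data is consulted. All names (catch_frame, catch_error, signal_error, op_fail, op_nested) and the sample object names are hypothetical.

```c
#define _POSIX_C_SOURCE 200809L    /* for sigsetjmp/siglongjmp */
#include <errno.h>
#include <setjmp.h>
#include <stdlib.h>

struct catch_frame {   /* simplified model, hypothetical names; not glibc source */
    sigjmp_buf env;                /* resume point inside catch_error() */
    const char *volatile objname;  /* volatile: read after siglongjmp() */
    const char *volatile errstring;
    volatile int errcode;
};
static __thread struct catch_frame *active_frame;  /* innermost catcher */

/* Report a failure: unwind to the innermost catch_error(), never return. */
static void signal_error(int code, const char *objname, const char *errstring)
{
    struct catch_frame *f = active_frame;
    if (f == NULL) abort();        /* nobody is catching: fatal */
    f->objname = objname;
    f->errstring = errstring;
    f->errcode = code ? code : -1; /* 0 would read as success */
    siglongjmp(f->env, 1);
}

/* Run operate(arg); return 0, or the code passed to signal_error(). */
static int catch_error(void (*operate)(void *), void *arg,
                       const char **objname, const char **errstring)
{
    struct catch_frame frame = { .errcode = 0 };
    struct catch_frame *const outer = active_frame;
    if (sigsetjmp(frame.env, 0) == 0) {
        active_frame = &frame;
        operate(arg);
    }
    active_frame = outer;          /* restored on success and on error */
    *objname = frame.objname;
    *errstring = frame.errstring;
    return frame.errcode;
}

/* Constructed operations standing in for loader steps. */
static void op_fail(void *arg) { signal_error(ENOENT, arg, "cannot open"); }
static void op_nested(void *arg) { /* inner failure is handled locally */
    const char *o, *e;
    *(int *)arg = catch_error(op_fail, "libinner.so", &o, &e);
}
int main(void) {
    const char *obj, *err;
    return catch_error(op_fail, "libmissing.so", &obj, &err) == ENOENT ? 0 : 1;
}
```

The nested case shows why the previous frame is saved and restored: a failure caught by an inner catch_error() must leave the outer caller's frame active and its result clean.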