In message <Pine.LNX.4.10.9912080840210.1474-100000@penguin.transmeta.com>,
Linus Torvalds writes:
+-----
| On Wed, 8 Dec 1999, David S. Miller wrote:
| > It's not an odd event. It's a feature... Say you want to provide
| > your own special malloc, your strong "malloc" symbol now not only
| > overrides the global references to the "malloc" symbol in the binary
| > itself, but also all of those global references within libc too (and
| > all other shared libraries you load, even via dl_open()). If you want
| > to override any and all malloc activity (and this is useful for
| > malloc/free leak debuggers like electric fence for example) this
| > global weak overriding mechanism is the way it can be done.
|
| The above case you can KNOW at link-time. Your linker can (and will)
+--->8
B> Say I want to enable malloc checking at runtime. I use LD_PRELOAD
B> for that... whoops! Doesn't work. In fact, the best I can hope
B> for is complete ineffectiveness: it is likely to cause complete
B> breakage, if some things use my LD_PRELOAD'ed malloc() et al. and
B> others use the standard one.
This whole "pre-link" idea sounds remarkably like the IRIX
Quickstart, which has been there for many years. The basic idea is:
There is a new flag in binaries and dependent libraries/shared
objects that tells whether the quickstart process (the rqs binary,
specifically) has been run on it. The QS (quickstart) bit is
cleared by default. All shared objects (DSOs) have a name,
timestamp and other info.
If the QS bit is set, then the dynamic loader (rld) considers
using the pre-link fastpath. If not, it does the slow path (normal
ELF runtime linking).
The pre-link fastpath is followed if the DSO has the same
timestamp info as stored in the linked-from object. Any libraries
that fail the check will get runtime linked the slow way.
Several things short-circuit the decision process, even if the QS
bit is set: LD_PRELOAD (and equivalents) always go the slow path
(this handles the specific question), s[ug]id binaries ignore the
LD_* (etc) environment vars if the [ug]id isn't the owner (this
fixes a large class of exploits).
I'm not an expert, so I hope I got it right...
Here are some URLs for further info on how SGI does it:
http://techpubs.sgi.com/library/dynaweb_bin/ebt-bin/0650/nph-infosrch.cgi/infosrchtpl/SGI_Developer/Cplr_PTG/@InfoSearch__BookTextView/5157?DwebQuery=quickstart
http://techpubs.sgi.com/library/dynaweb_bin/ebt-bin/0650/nph-infosrch.cgi/infosrchtpl/SGI_Developer/MproCplrDbx_TG/@InfoSearch__BookTextView/2990?DwebQuery=quickstart
http://techpubs.sgi.com/library/tpl/cgi-bin/getdoc.cgi?coll=0650&db=man&fname=/usr/share/catman/p_man/cat5/dso.z&srch=quickstart
http://techpubs.sgi.com/library/tpl/cgi-bin/getdoc.cgi?coll=0650&db=man&fname=/usr/share/catman/u_man/cat1/rqs.z&srch=quickstart
(these are searches against the online IRIX manuals at
http://techpubs.sgi.com/).
-- Scott Henry <scotth@sgi.com> / Help! My disclaimer is missing! IRIX MTS, / GIGO *really* means: Garbage in, Gospel Out Silicon Graphics, Inc / http://reality.sgi.com/scotth/- To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to majordomo@vger.rutgers.edu Please read the FAQ at http://www.tux.org/lkml/