[uClibc] Re: [uClibc-cvs] CVS uClibc/ldso/ldso
Joakim Tjernlund
joakim.tjernlund at lumentis.se
Mon Oct 11 17:14:12 UTC 2004
> On Monday 11 October 2004 10:56 am, Joakim Tjernlund wrote:
> > Are you sure glibc works like this?
> > I had a look in glibc and I think glibc disables the cache for suid, so I
> > assumed uClibc should do the same. Check libc/elf/dl-load.c, around line
> > 1832 in glibc to see if I read the code right.
>
> like i said, i only know what 'works' :)
> vapier at coral 0 ~ $ ldd /bin/su
> ldd: error: you do not have read permission for `/bin/su'
> vapier at coral 0 ~ $ su -
> Password:
> root at coral 0 ~ # ls -l /bin/su
> -rws--x--x 1 root root 21008 Jul 4 18:22 /bin/su
> root at coral 0 ~ # ldd /bin/su
> libcrypt.so.1 => /lib/libcrypt.so.1 (0x40029000)
> libpam.so.0 => /lib/libpam.so.0 (0x4005d000)
> libpam_misc.so.0 => /lib/libpam_misc.so.0 (0x4006c000)
> libc.so.6 => /lib/libc.so.6 (0x40076000)
> libdl.so.2 => /lib/libdl.so.2 (0x4019b000)
> libgcc_s.so.1
> => /usr/lib/gcc-lib/armv4l-unknown-linux-gnu/3.3.4/libgcc_s.so.1 (0x401a6000)
> /lib/ld-linux.so.2 => /lib/ld-linux.so.2 (0x40000000)
> root at coral 0 ~ # ldconfig -p | grep libgcc_s
> libgcc_s.so.1 (libc6)
> => /usr/lib/gcc-lib/armv4l-unknown-linux-gnu/3.3.4/libgcc_s.so.1
> libgcc_s.so (libc6)
> => /usr/lib/gcc-lib/armv4l-unknown-linux-gnu/3.3.4/libgcc_s.so
>
> i see the INTUSE(__libc_enable_secure) wrapping the cache search in glibc, but
> i really dont know what that does ;)
hmm, looking a bit closer in libc/elf/dl-load.c there is an if stmt that boils
down to "if (!preloaded || !__libc_enable_secure) then do a cache lookup".
For this to be false both preloaded and __libc_enable_secure must be !=0
- __libc_enable_secure is set to 1 iff SUID.
- preloaded is set to 1 only iff the lib has been preloaded via ld.so.preload.
Since preloaded pretty much always is zero, the above if stmt becomes true regardless
of __libc_enable_secure.
If find this behaviour a bit strange, but that explains why the ld.so cache is used
for SUID programs. On the other hand, my analysis may be way off :(
Before I undo the change to uClibc ldso, can you see what happens if
you use the /etc/ld.so.preload file to preload a lib or two?
Jocke
More information about the uClibc
mailing list