26723 – LD_ETC_IGNORE - environment variable to ignore /etc/ld.so.preload configuration file on a per-application basis

Bug 26723 - LD_ETC_IGNORE - environment variable to ignore /etc/ld.so.preload configuration file on a per-application basis

Summary: LD_ETC_IGNORE - environment variable to ignore /etc/ld.so.preload configurati...

Status:	UNCONFIRMED

Alias:	None

Product:	glibc
Classification:	Unclassified
Component:	libc (show other bugs)
Version:	unspecified

Importance:	P2 normal
Target Milestone:	---
Assignee:	Not yet assigned to anyone

URL:
Keywords:

Depends on:
Blocks:

Reported:	2020-10-09 15:08 UTC by adrelanos
Modified:	2020-10-09 20:29 UTC (History)
CC List:	2 users (show)

See Also:
Host:
Target:
Build:
Last reconfirmed:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description adrelanos 2020-10-09 15:08:15 UTC

/etc/ld.so.preload is great, however in some corner cases divergent settings are required. (Such as set through LD_PRELOAD environment variable.)

In such cases there is no easy way to ignore the /etc/ld.so.preload configuration file on a per-application basis. I.e. there is no command that can easily be prepended to make libc ignore /etc/ld.so.preload.

Currently for example to ignore /etc/ld.so.preload containing contents '/usr/lib/libhardened_malloc.so/libhardened_malloc_kicksecure.so' one has to run:

bwrap --dev-bind / / --tmpfs /usr/lib/libhardened_malloc.so program-name

Which is cumbersome and creating follow-up issues.

Would be good if one could run this:

LD_ETC_IGNORE=1 program-name

Or...

LD_ETC_IGNORE=1 LD_PRELOAD=/path/to/so program-name 

And then /etc/ld.so.preload [1] would be ignored.


[1] and /etc/ld.so.preload.d [2]

[2] https://sourceware.org/bugzilla/show_bug.cgi?id=24913

Comment 1 Carlos O'Donell 2020-10-09 20:29:11 UTC

(In reply to adrelanos from comment #0)
> /etc/ld.so.preload is great, however in some corner cases divergent settings
> are required. (Such as set through LD_PRELOAD environment variable.)

Divergent settings are issues that the application developer and the system administrator need to work together on to resolve.

The point of /etc/ld.so.preload is to give system administrators a method for enforcing preloading of certain required libraries.

The semantics of /etc/ld.so.preload are exactly that applications should not be able to ignore them. Likewise /etc/ld.so.preload is the only mechanism to preload objects for suid binaries.

> In such cases there is no easy way to ignore the /etc/ld.so.preload
> configuration file on a per-application basis. I.e. there is no command that
> can easily be prepended to make libc ignore /etc/ld.so.preload.

Correct, and that is only purpose.
 
> Currently for example to ignore /etc/ld.so.preload containing contents
> '/usr/lib/libhardened_malloc.so/libhardened_malloc_kicksecure.so' one has to
> run:

You're not supposed to ignore that, your system admin set it up that way.
 
> bwrap --dev-bind / / --tmpfs /usr/lib/libhardened_malloc.so program-name
> 
> Which is cumbersome and creating follow-up issues.

What problem is the hardened malloc causing?

Why do you have to have it on the system?