| Summary: | Provide a replacement for dlinfo (RTLD_DI_ORIGIN) | ||
|---|---|---|---|
| Product: | glibc | Reporter: | Florian Weimer <fweimer> |
| Component: | dynamic-link | Assignee: | Not yet assigned to anyone <unassigned> |
| Status: | NEW --- | ||
| Severity: | normal | CC: | fweimer, woodard |
| Priority: | P2 | Flags: | fweimer:
security-
|
| Version: | unspecified | ||
| Target Milestone: | --- | ||
| See Also: | https://sourceware.org/bugzilla/show_bug.cgi?id=32087 | ||
| Host: | Target: | ||
| Build: | Last reconfirmed: | ||
A potential replacement interface has been discussed upstream here: https://sourceware.org/pipermail/libc-alpha/2024-August/159072.html The tool authors that I've talked to have not expressed a strong preference for any of the proposed alternatives. However, they are very interested in not having buffer overflows in their code and would love to move to secure interface to the same information. |
The caller has no good way to determine the size of the buffer, so this is inherently dangerous: case RTLD_DI_ORIGIN: strcpy (args->arg, l->l_origin); break; We should define a new constant and deprecate the old one. The new operation should probably use strdup instead of strcpy.