Bug 22359 - ld.so's cache should live in /var/cache, and support cache deletion.
Status: NEW
Alias: None
Product: glibc
Classification: Unclassified
Component: dynamic-link
Version: 2.27
Importance: P2 normal
Target Milestone: ---
Assignee: Not yet assigned to anyone
Reported: 2017-10-27 16:52 UTC by Carlos O'Donell
Modified: 2020-03-17 21:16 UTC
fweimer: security-


Description Carlos O'Donell 2017-10-27 16:52:51 UTC
The dynamic loader's cache, ld.so.cache, currently resides in /etc, but it is a cache, and by its very definition it should live in /var/cache.

However, because /var might not be mounted early on, it would negatively impact application performance if the cache was missing. Worse, when special directories are added to the ld.so.conf, it might actually prevent applications from starting if it was missing.

Then again the counter-point is that /var, for system logging purposes, has to be present immediately when the system boots, and on Fedora /var is /.

We should evaluate the benefits of moving ld.so.cache to /var/cache to match the policy that as a cache file it should be removable without any problems.

This entire change probably requires two changes:

* If the dynamic loader might fail to load a DSO, and the cache is missing, parse /etc/ld.so.conf to look for additional search directories that were cache-only, and thus continue to operate even in the absence of the cache.

* Move the cache to /var/ldconfig/ld.so.cache so it can be managed as a proper cache by tooling that does so.

Comment 1 Michal Schmidt 2017-10-30 13:41:48 UTC
(In reply to Carlos O'Donell from comment #0)
> Then again the counter-point is that /var, for system logging purposes, has
> to be present immediately when the system boots, and on Fedora /var is /.

Fedora allows /var to be a separate mount from /.
systemd-journald solves the logging problem by storing the logs in /run/log/journal (on tmpfs) until /var/log/journal is mounted. Then systemd-journal-flush.service moves the logs to the persistent location.

Comment 2 Florian Weimer 2017-10-30 14:04:23 UTC
The dynamic loader does not perform any /etc/ld.so.conf processing today.  We would have to change that in order to make /etc/ld.so.cache a true cache.  I don't think this is realistic because we would need glob etc. as part of the dynamic loader.

Comment 3 Carlos O'Donell 2020-03-17 21:16:02 UTC
(In reply to Florian Weimer from comment #2)
> The dynamic loader does not perform any /etc/ld.so.conf processing today. 
> We would have to change that in order to make /etc/ld.so.cache a true cache.
> I don't think this is realistic because we would need glob etc. as part of the
> dynamic loader.

We don't have to do this processing. We can just fail to load /var/lib/ldconfig/cache and thus not support running whatever applications needed those paths. Thus treating this as truly "configuration data" instead of a cache.
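
The fallback discussed in the description and in comment 2, as an added example that is not part of the bug thread and not glibc code: a C walk of an ld.so.conf-style file that strips comments and expands `include` patterns with glob(3), which is the processing the dynamic loader would have to carry if it rebuilt its search path without the cache. `collect_dirs`, `MAX_DIRS` and `MAX_DEPTH` are hypothetical names; it assumes one directory per line and absolute include patterns.

```c
/* Added example, not glibc code: ld.so.conf-style walk with glob(3). */
#include <ctype.h>
#include <glob.h>
#include <stdio.h>
#include <string.h>

#define MAX_DIRS  64
#define MAX_DEPTH 8   /* assumption: cap nesting to stop include loops */

/* Append dirs from `conf` and its includes; returns count or -1 on open failure. */
int collect_dirs(const char *conf, char dirs[][256], int n, int depth)
{
    char line[512];
    FILE *f = depth <= MAX_DEPTH ? fopen(conf, "r") : NULL;
    if (f == NULL)
        return -1;
    while (n >= 0 && fgets(line, sizeof line, f) != NULL) {
        char *p = line, *end = strchr(line, '#');
        if (end != NULL) *end = '\0';              /* strip comment */
        while (isspace((unsigned char)*p)) p++;    /* strip leading blanks */
        end = p + strlen(p);
        while (end > p && isspace((unsigned char)end[-1]))
            *--end = '\0';                         /* strip trailing blanks */
        if (strncmp(p, "include", 7) == 0 && isspace((unsigned char)p[7])) {
            glob_t g;
            for (p += 7; isspace((unsigned char)*p); p++) ;
            /* Pattern expansion: the piece ld.so would have to gain. */
            if (glob(p, 0, NULL, &g) == 0) {
                for (size_t i = 0; i < g.gl_pathc && n >= 0; i++)
                    n = collect_dirs(g.gl_pathv[i], dirs, n, depth + 1);
                globfree(&g);
            }
        } else if (*p != '\0' && n < MAX_DIRS) {
            snprintf(dirs[n++], 256, "%s", p);     /* plain directory line */
        }
    }
    fclose(f);
    return n;
}

int main(int argc, char **argv)
{
    static char dirs[MAX_DIRS][256];
    int n = collect_dirs(argc > 1 ? argv[1] : "/etc/ld.so.conf", dirs, 0, 0);
    for (int i = 0; i < n; i++)
        puts(dirs[i]);
    return n < 0;
}
```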