Bug 24298 - Provide a replacement for dlinfo (RTLD_DI_ORIGIN)
Status: NEW
Alias: None
Product: glibc
Classification: Unclassified
Component: dynamic-link
Version: unspecified
Importance: P2 normal
Assignee: Not yet assigned to anyone
Reported: 2019-03-04 15:40 UTC by Florian Weimer
Modified: 2024-08-15 21:21 UTC
fweimer: security-

Description Florian Weimer 2019-03-04 15:40:49 UTC
The caller has no good way to determine the size of the buffer, so this is inherently dangerous:

    case RTLD_DI_ORIGIN:
      strcpy (args->arg, l->l_origin);
      break;

We should define a new constant and deprecate the old one.  The new operation should probably use strdup instead of strcpy.
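
A caller-side way to get a loaded object's directory without `RTLD_DI_ORIGIN`, as an added example (not glibc code and not the replacement interface requested in this bug): it asks `dlinfo` for `RTLD_DI_LINKMAP` and derives the directory from `l_name`, using heap buffers sized from the data. `dir_of_path` and `object_origin` are hypothetical names, `libm.so.6` is only a sample library, and `realpath` canonicalizes symlinks, so the result approximates the loader's origin string.

```c
#define _GNU_SOURCE
#include <dlfcn.h>
#include <link.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Directory part of an absolute path, in a buffer sized from the input.
   Returns NULL for NULL, relative paths, or allocation failure. */
char *dir_of_path(const char *path)
{
    if (path == NULL || path[0] != '/')
        return NULL;
    const char *slash = strrchr(path, '/');
    size_t len = (slash == path) ? 1 : (size_t)(slash - path);
    char *dir = malloc(len + 1);
    if (dir == NULL)
        return NULL;
    memcpy(dir, path, len);
    dir[len] = '\0';
    return dir;
}

/* Hypothetical helper: directory of a dlopen'ed object. The caller frees
   the result. No caller-supplied buffer is written, unlike RTLD_DI_ORIGIN. */
char *object_origin(void *handle)
{
    struct link_map *map = NULL;
    if (dlinfo(handle, RTLD_DI_LINKMAP, &map) != 0 || map == NULL)
        return NULL;
    /* l_name is empty for the main program; only named objects are handled. */
    if (map->l_name == NULL || map->l_name[0] == '\0')
        return NULL;
    char *resolved = realpath(map->l_name, NULL); /* realpath allocates */
    if (resolved == NULL)
        return NULL;
    char *dir = dir_of_path(resolved);
    free(resolved);
    return dir;
}

int main(void)
{
    void *h = dlopen("libm.so.6", RTLD_NOW); /* sample library, an assumption */
    char *origin = h ? object_origin(h) : NULL;
    printf("origin: %s\n", origin ? origin : "(unavailable)");
    free(origin);
    return 0;
}
```
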
Comment 1 Ben Woodard 2024-08-09 19:36:20 UTC
A potential replacement interface has been discussed upstream here: https://sourceware.org/pipermail/libc-alpha/2024-August/159072.html 

The tool authors that I've talked to have not expressed a strong preference for any of the proposed alternatives. However, they are very interested in not having buffer overflows in their code and would love to move to a secure interface to the same information.