/etc/ld.so.preload is great, however in some corner cases divergent settings are required. (Such as set through LD_PRELOAD environment variable.)

In such cases there is no easy way to ignore the /etc/ld.so.preload configuration file on a per-application basis. I.e. there is no command that can easily be prepended to make libc ignore /etc/ld.so.preload.

Currently for example to ignore /etc/ld.so.preload containing contents '/usr/lib/libhardened_malloc.so/libhardened_malloc_kicksecure.so' one has to run:

bwrap --dev-bind / / --tmpfs /usr/lib/libhardened_malloc.so program-name

Which is cumbersome and is creating follow-up issues.

Would be good if one could run this:

LD_ETC_IGNORE=1 program-name

Or...

LD_ETC_IGNORE=1 LD_PRELOAD=/path/to/so program-name

And then /etc/ld.so.preload [1] would be ignored.

[1] and /etc/ld.so.preload.d [2]
[2] https://sourceware.org/bugzilla/show_bug.cgi?id=24913

(In reply to adrelanos from comment #0)
> /etc/ld.so.preload is great, however in some corner cases divergent settings
> are required. (Such as set through LD_PRELOAD environment variable.)

Divergent settings are issues that the application developer and the system administrator need to work together on to resolve.

The point of /etc/ld.so.preload is to give system administrators a method for enforcing preloading of certain required libraries.

The semantics of /etc/ld.so.preload are exactly that applications should not be able to ignore them.

Likewise /etc/ld.so.preload is the only mechanism to preload objects for suid binaries.

> In such cases there is no easy way to ignore the /etc/ld.so.preload
> configuration file on a per-application basis. I.e. there is no command that
> can easily be prepended to make libc ignore /etc/ld.so.preload.

Correct, and that is the only purpose.

> Currently for example to ignore /etc/ld.so.preload containing contents
> '/usr/lib/libhardened_malloc.so/libhardened_malloc_kicksecure.so' one has to
> run:

You're not supposed to ignore that, your system admin set it up that way.

> bwrap --dev-bind / / --tmpfs /usr/lib/libhardened_malloc.so program-name
>
> Which is cumbersome and is creating follow-up issues.

What problem is the hardened malloc causing?

Why do you have to have it on the system?
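
For the administrator's side of this exchange, one way to confirm that every object listed in /etc/ld.so.preload is actually mapped into a given process. This is an added example, not part of the bug thread or of glibc; the function names and the sample maps text are constructed, and paths are compared literally without resolving symlinks.

```python
import re

# Path quoted in the thread as the content of /etc/ld.so.preload.
HARDENED = "/usr/lib/libhardened_malloc.so/libhardened_malloc_kicksecure.so"

# Constructed sample inputs (not captured from a real system).
PRELOAD = "# enforced by the administrator\n" + HARDENED + "\n"
MAPS_OK = (
    "55d0c0a00000-55d0c0a02000 r--p 00000000 fd:01 1311 /usr/bin/program-name\n"
    "7f1e2c000000-7f1e2c010000 r-xp 00000000 fd:01 2222 " + HARDENED + "\n"
    "7f1e2c200000-7f1e2c228000 r--p 00000000 fd:01 3333 /usr/lib/libc.so.6\n"
    "7ffc1a000000-7ffc1a021000 rw-p 00000000 00:00 0 [stack]\n"
)
MAPS_MISSING = "\n".join(l for l in MAPS_OK.splitlines() if HARDENED not in l)


def parse_preload(text):
    """Return the object paths listed in ld.so.preload-style text."""
    entries = []
    for line in text.splitlines():
        line = line.split("#", 1)[0]  # '#' starts a comment
        # glibc accepts whitespace or ':' between entries.
        entries += [p for p in re.split(r"[:\s]+", line) if p]
    return entries


def mapped_objects(maps_text):
    """Return the set of file paths mapped in a /proc/<pid>/maps dump."""
    paths = set()
    suffix = " (deleted)"  # appended by the kernel for unlinked files
    for line in maps_text.splitlines():
        fields = line.split(None, 5)  # path is the optional 6th field
        if len(fields) == 6 and fields[5].startswith("/"):
            path = fields[5]
            paths.add(path[: -len(suffix)] if path.endswith(suffix) else path)
    return paths


def missing_preloads(preload_text, maps_text):
    """List preload entries that are not mapped in the process."""
    mapped = mapped_objects(maps_text)
    return [p for p in parse_preload(preload_text) if p not in mapped]


if __name__ == "__main__":
    print("compliant process:", missing_preloads(PRELOAD, MAPS_OK))
    print("preload absent:   ", missing_preloads(PRELOAD, MAPS_MISSING))
```

On a live system, pass the contents of /etc/ld.so.preload and of /proc/<pid>/maps for the process being checked.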