Bug 26723 - LD_ETC_IGNORE - environment variable to ignore /etc/ld.so.preload configuration file on a per-application basis
Status: UNCONFIRMED
Alias: None
Product: glibc
Classification: Unclassified
Component: libc
Version: unspecified
Importance: P2 normal
Target Milestone: ---
Assignee: Not yet assigned to anyone
Reported: 2020-10-09 15:08 UTC by adrelanos
Modified: 2020-10-09 20:29 UTC

Description adrelanos 2020-10-09 15:08:15 UTC
/etc/ld.so.preload is great, however in some corner cases divergent settings are required. (Such as set through LD_PRELOAD environment variable.)

In such cases there is no easy way to ignore the /etc/ld.so.preload configuration file on a per-application basis. I.e. there is no command that can easily be prepended to make libc ignore /etc/ld.so.preload.

Currently for example to ignore /etc/ld.so.preload containing contents '/usr/lib/libhardened_malloc.so/libhardened_malloc_kicksecure.so' one has to run:

bwrap --dev-bind / / --tmpfs /usr/lib/libhardened_malloc.so program-name

Which is cumbersome and creating follow-up issues.

Would be good if one could run this:

LD_ETC_IGNORE=1 program-name

Or...

LD_ETC_IGNORE=1 LD_PRELOAD=/path/to/so program-name 

And then /etc/ld.so.preload [1] would be ignored.


[1] and /etc/ld.so.preload.d [2]

[2] https://sourceware.org/bugzilla/show_bug.cgi?id=24913
Comment 1 Carlos O'Donell 2020-10-09 20:29:11 UTC
(In reply to adrelanos from comment #0)
> /etc/ld.so.preload is great, however in some corner cases divergent settings
> are required. (Such as set through LD_PRELOAD environment variable.)

Divergent settings are issues that the application developer and the system administrator need to work together on to resolve.

The point of /etc/ld.so.preload is to give system administrators a method for enforcing preloading of certain required libraries.

The semantics of /etc/ld.so.preload are exactly that applications should not be able to ignore them. Likewise /etc/ld.so.preload is the only mechanism to preload objects for suid binaries.

> In such cases there is no easy way to ignore the /etc/ld.so.preload
> configuration file on a per-application basis. I.e. there is no command that
> can easily be prepended to make libc ignore /etc/ld.so.preload.

Correct, and that is only purpose.
 
> Currently for example to ignore /etc/ld.so.preload containing contents
> '/usr/lib/libhardened_malloc.so/libhardened_malloc_kicksecure.so' one has to
> run:

You're not supposed to ignore that, your system admin set it up that way.
 
> bwrap --dev-bind / / --tmpfs /usr/lib/libhardened_malloc.so program-name
> 
> Which is cumbersome and creating follow-up issues.

What problem is the hardened malloc causing?

Why do you have to have it on the system?
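
Comment 1 describes /etc/ld.so.preload as an administrator-enforced setting. The following is an added example (not part of this bug report or of glibc) of how an administrator could audit that enforcement by comparing the file's entries with each process's /proc/<pid>/maps. The function names and sample data are constructed for illustration; statically linked programs are always reported because they never run the dynamic loader.

```python
import glob, os, re

LIB = "/usr/lib/libhardened_malloc.so/libhardened_malloc_kicksecure.so"
# Constructed sample inputs (not captured from a real system).
SAMPLE_PRELOAD = "# enforced by the administrator\n" + LIB + "\n"
SAMPLE_MAPS = """\
55d0c0a00000-55d0c0a02000 r--p 00000000 fd:01 1311 /usr/bin/program-name
7f1c2a000000-7f1c2a022000 r--p 00000000 fd:01 2222 /usr/lib/x86_64-linux-gnu/libc.so.6
7ffd10000000-7ffd10021000 rw-p 00000000 00:00 0 [stack]
"""

def parse_preload(text):
    """Entries are separated by whitespace or ':'; '#' starts a comment."""
    text = re.sub(r"#[^\n]*", " ", text)
    return [p for p in re.split(r"[:\s]+", text) if p]

def mapped_files(maps_text):
    """Return the file paths that back mappings in /proc/<pid>/maps text."""
    paths = set()
    for line in maps_text.splitlines():
        fields = line.split(None, 5)  # addr perms offset dev inode path
        if len(fields) == 6 and fields[5].startswith("/"):
            paths.add(fields[5].replace(" (deleted)", ""))
    return paths

def missing_preloads(preload_text, maps_text, resolve=os.path.realpath):
    """List enforced libraries that are not mapped into the process.
    maps shows resolved paths, so symlinked entries are resolved first."""
    mapped = mapped_files(maps_text)
    return [p for p in parse_preload(preload_text) if resolve(p) not in mapped]

if __name__ == "__main__":
    try:
        with open("/etc/ld.so.preload") as f:
            preload = f.read()
    except FileNotFoundError:
        preload = ""
    for maps_path in glob.glob("/proc/[0-9]*/maps"):
        try:
            with open(maps_path) as f:
                maps = f.read()
        except OSError:
            continue  # process exited or not readable by this user
        if maps:  # kernel threads have an empty maps file
            missing = missing_preloads(preload, maps)
            if missing:
                print(maps_path.split("/")[2], "missing:", " ".join(missing))
```

Run as root to cover all processes; a reported PID is a lead to investigate (static binary, masked library path, or a process started before the file was written), not proof of tampering.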