Bug 32509 - Can the symbol getaddrinfo() in static builds be made weak?
Summary: Can the symbol getaddrinfo() in static builds be made weak?
Status: WAITING
Alias: None
Product: glibc
Classification: Unclassified
Component: libc (show other bugs)
Version: unspecified
: P2 normal
Target Milestone: ---
Assignee: Not yet assigned to anyone
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2024-12-31 01:18 UTC by Vinícius dos Santos Oliveira
Modified: 2025-01-02 14:18 UTC (History)
2 users (show)

See Also:
Host:
Target:
Build:
Last reconfirmed: 2025-01-02 00:00:00
fweimer: security-

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Vinícius dos Santos Oliveira 2024-12-31 01:18:09 UTC 
I'm trying to create a seccomp sandbox for a project and I need to override libc functions related to ambient authority. So far I had success with many functions as most of them are weak symbols and I can just override them in static builds. For getaddrinfo(), I wasn't so lucky as the symbol is not declared as weak. Can the symbol getaddrinfo() be declared as weak in static builds? I can offer more details of my use case if there's interest.
Comment 1 Florian Weimer 2025-01-02 10:36:45 UTC 
It's not clear to me what this would solve. There are only three symbols defined in nss/getaddrinfo.o: __libc_getaddrinfo_freemem, getaddrinfo, freeaddrinfo. There is no strong reference that would pull in this object through __libc_getaddrinfo_freemem, so only getaddrinfo and freeaddrinfo remain for consideration.

Is the idea that you can redefine getaddrinfo without defining freeaddrinfo? I don't think this is wise because how memory is to be freed by freeaddrinfo is an internal implementation detail of getaddrinfo.
Comment 2 Vinícius dos Santos Oliveira 2025-01-02 12:24:34 UTC 
> Is the idea that you can redefine getaddrinfo without defining freeaddrinfo? I don't think this is wise because how memory is to be freed by freeaddrinfo is an internal implementation detail of getaddrinfo.

First I resolve the requested name to an IP address + port. Then I define two string buffers to hold the string-encoded values:

* https://gitlab.com/emilua/emilua/-/blob/ded3de90974f854fb637afb6c9d4dda4f40dc3bd/src/proc_set_libc_service.cpp#L1834
* https://gitlab.com/emilua/emilua/-/blob/ded3de90974f854fb637afb6c9d4dda4f40dc3bd/src/proc_set_libc_service.cpp#L1884

Then I call getaddrinfo() (the libc one) with AI_NUMERICHOST|AI_NUMERICSERV: https://gitlab.com/emilua/emilua/-/blob/ded3de90974f854fb637afb6c9d4dda4f40dc3bd/src/proc_set_libc_service.cpp#L1898

freeaddrinfo() will do the right thing because the buffers were allocated by libc's getaddrinfo().
Comment 3 Florian Weimer 2025-01-02 12:40:23 UTC 
I don't see how making getaddrinfo or freeaddrinfo weak would help you.
Comment 4 Vinícius dos Santos Oliveira 2025-01-02 14:18:46 UTC 
> I don't see how making getaddrinfo or freeaddrinfo weak would help you.

That's the error I get when I try to build a static binary:

/usr/bin/ld: /usr/lib/gcc/x86_64-pc-linux-gnu/14.2.1/../../../../lib/libc.a(getaddrinfo.o): in function `getaddrinfo':
(.text+0x1f30): multiple definition of `getaddrinfo'; libemilua-libc-service.a.p/src_linux_glibc_libc_service.cpp.o:/home/vinipsmaker/Projects/emilua/build3/../src/linux/glibc/libc_service.cpp:141: first defined here

This error doesn't happen for other libc functions because they're defined as weak so you can just define your function with the same name and your function will override the libc's.

That's how a weak getaddrinfo() will help me. It allows me to override getaddrinfo() in static builds.