Re: [PATCH] Implement _dl_catch_error, _dl_signal_error in libc.so [BZ #16628]

[Carlos O'Donell <carlos at redhat dot com>]

On 11/14/2016 10:07 AM, Florian Weimer wrote:
> The attached patch depends on the elf/dl-load.c clean I posted today,
> and the addition of the __sigsetjmp hidden definitions on
> architectures which lack them.
> 
> The removal of the two function pointers from libc.so (the one in
> rtld_global, and the receiver pointer internal to elf/dl-error.c) is
> desirable from a security perspective, too.

At a high level I think the design is much cleaner than the existing
confusion of function pointers that are manipulated during the startup
sequence.

I like that the libc.so versions are used once symbol interposition is
enabled, though in the long run I think we need to do something to more
clearly mark exactly when that transition happens and how to cleanup
before it. The dl-minimal malloc transition isn't always that clear and
has caused some problems in the past. I see you're using l_relocated != 0
to detect if it's been malloc'd, and that's the kind of thing we might
eventually turn into some easier to use API.

Regarding the test case, tst-latepthreadmod, it seems to me that it tests
only the interposed libc.so versions of the try/catch framework? A test
that verifies the ld.so try/catch minimal hooks would require a failure
_before_ relocation, like say loading an LD_AUDIT object early and having
it fail.

While I think it's great coverage to test the try/catch hooks, I think we
probably need just one more test case marked XFAIL that loads a broken
LD_AUDIT object to verify the ld.so side of the hooks before transition
to the libc.so versions?

-- 
Cheers,
Carlos.