Fwd: [PATCH v5 00/22] Some rtld-audit fixes

Florian Weimer fweimer@redhat.com
Tue Nov 23 16:50:49 GMT 2021


* Adhemerval Zanella:

> On 23/11/2021 11:02, Florian Weimer wrote:
>> * Adhemerval Zanella:
>> 
>>> In fact I think rather than using the argv[0], since it passing the
>>> executable path is just a convention; I think it would be better to
>>> use AT_EXECFN.  On recent kernel it is always passed to userland and
>>> kernel should be responsible to hide any filesystem information if it
>>> is required.
>> 
>> It's still a relative path to an unknown directory, I think.  I expect
>> (but have not checked) that it is the pathname argument to execveat,
>> which may not be meaningful to the new process image.
>
> Yes, but it better than _dl_argv[0] and/or an empty string.  Without 
> proper kernel support we can not reliable get the path, in fact the 
> kernel might in fact hides it on purpose.

I'm worried that if we put a path-looking string there, programmers will
assume it is THE path to the executable.  With SUID programs, that looks
like a recipe for security vulnerabilities.  These users need to use
/proc/self/exe and give up if that's not available.

Thanks,
Florian



More information about the Libc-alpha mailing list