Proposal to reduce anti-bundling requirements
Florian Weimer
fweimer at redhat.com
Tue Sep 15 17:59:36 UTC 2015

On 09/15/2015 03:58 PM, Simo Sorce wrote:

>> I'm not sure how difficult this would be because I'm not sure how many
>> symbols rely upon indirect dependencies. I think it would be a worthwhile
>> cleanup to turn on something like you suggest, and attempt to bootstrap
>> the OS using Fedora Bootstrap [1].
>
> Symbol interposition is used a lot for very useful features, blocking
> interposition would break a lot of stuff.

Such as run-time patching of BIND 9 on RHEL 3 to remove a remote crasher
bug?

I don't know. There is the malloc use case (which could easily be
supported by marking these functions as interposable), but beyond that?

>>> We currently do not perform proper symbol namespace management in Fedora
>>> (as we discussed before). Perhaps we should try to track DSO symbol
>>> namespaces first, and use that data to guide further evolution of
>>> dynamic linking.
>>
>> Agreed. We do indeed need some infrastructure in tools to extract all
>> symbols out of the entire distribution and review them.
>
> How do you distinguish between intentionally clashing symbol names and
> others?

So far, it's been a manual process. Sometimes, it is obvious based on
the symbol name (“mutex”, “buffer”, “yylex”). Sometimes, it can be
tricky—we have multiple JSON libraries which use the json_ prefix.

And there are few symbols which must be exempted manually:

<https://github.com/fweimer/symboldb/blob/master/doc/examples/library-symbol-collisions.txt>

(This query needs to check the symbol binding, LOCAL/LOCAL is okay.)

Based on past experiment, I think that if we want to take collisions
seriously, we need to define symbol namespaces, at least for core-ish
packages. And beyond that, we need to look at linker changes.

--
Florian Weimer / Red Hat Product Security
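
Added example, not part of the original message and not symboldb's own query: a binding-aware collision check over `readelf -W --dyn-syms` style rows, with a manual exemption list as described above. The library names, symbol rows and the `exempt` set are constructed, and treating every LOCAL definition as non-colliding (which covers the LOCAL/LOCAL case) is an assumption of this sketch.

```python
import re
from collections import defaultdict

# One row of `readelf -W --dyn-syms`: Num: Value Size Type Bind Vis Ndx Name
ROW = re.compile(
    r"^\s*\d+:\s+[0-9a-fA-F]+\s+\S+\s+(\S+)\s+(\S+)\s+\S+\s+(\S+)\s+(\S+)")

# Constructed sample rows, not taken from real Fedora packages.
SAMPLE = {
    "libjson-a.so": """
     1: 0000000000000000     0 FUNC    GLOBAL DEFAULT  UND malloc@GLIBC_2.2.5 (2)
     2: 0000000000001100    40 FUNC    GLOBAL DEFAULT   12 json_parse
     3: 0000000000001200    16 FUNC    LOCAL  DEFAULT   12 buffer_grow
""",
    "libjson-b.so": """
     1: 0000000000002100    52 FUNC    GLOBAL DEFAULT   12 json_parse
     2: 0000000000002200    16 FUNC    LOCAL  DEFAULT   12 buffer_grow
     3: 0000000000002300    80 FUNC    GLOBAL DEFAULT   12 yylex
""",
    "libtrace.so": """
     1: 0000000000003100    64 FUNC    GLOBAL DEFAULT   12 malloc
     2: 0000000000003200    80 FUNC    WEAK   DEFAULT   12 yylex
""",
    "liballoc.so": """
     1: 0000000000004100    64 FUNC    GLOBAL DEFAULT   12 malloc
""",
}

def definitions(readelf_text):
    """Map each defined FUNC/OBJECT symbol in one DSO to its binding."""
    found = {}
    for line in readelf_text.splitlines():
        m = ROW.match(line)
        if not m:
            continue
        sym_type, bind, ndx, name = m.groups()
        if ndx == "UND" or sym_type not in ("FUNC", "OBJECT"):
            continue  # undefined references and section/file symbols
        found[name.split("@")[0]] = bind  # drop any @VERSION suffix
    return found

def collisions(libs, exempt=()):
    """Return {symbol: [(dso, bind), ...]} for names exported by 2+ DSOs."""
    definers = defaultdict(list)
    for dso, text in libs.items():
        for name, bind in definitions(text).items():
            # LOCAL definitions never take part in dynamic symbol lookup.
            if bind != "LOCAL" and name not in exempt:
                definers[name].append((dso, bind))
    return {n: sorted(d) for n, d in definers.items() if len(d) > 1}
```

With `exempt={"malloc"}` the sample reports `json_parse` and `yylex` but not `buffer_grow`; deciding whether a reported name is an intentional clash remains the manual step the message describes.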