Proposal to reduce anti-bundling requirements

Simo Sorce simo at redhat.com
Tue Sep 15 18:16:35 UTC 2015


On Tue, 2015-09-15 at 19:59 +0200, Florian Weimer wrote:
> On 09/15/2015 03:58 PM, Simo Sorce wrote:
> 
> >> I'm not sure how difficult this would be because I'm not sure how many
> >> symbols rely upon indirect dependencies. I think it would be a worthwhile
> >> cleanup to turn on something like you suggest, and attempt to bootstrap
> >> the OS using Fedora Bootstrap [1].
> > 
> > Symbol interposition is used a lot for very useful features, blocking
> > interposition would break a lot of stuff.
> 
> Such as run-time patching of BIND 9 on RHEL 3 to remove a remote crasher
> bug?
> 
> I don't know.  There is the malloc use case (which could easily be
> supported by marking these functions as interposable), but beyond that?

Look at what we do with https://cwrap.org/ for example, we use this
stuff in multiple projects now to be able to do testing w/o having to
create complex networking setups, or have to reconfigure systems and
give real root to applications in testing. For any of this to work we
relying on LD_PRELOAD and symbols interposition.

> >>> We currently do not perform proper symbol namespace management in Fedora
> >>> (as we discussed before).  Perhaps we should try to track DSO symbol
> >>> namespaces first, and use that data to guide further evolution of
> >>> dynamic linking.
> >>  
> >> Agreed. We do indeed need some infrastructure in tools to extract all
> >> symbols out of the entire distribution and review them.
> > 
> > How do you distinguish between intentionally clashing symbol names and
> > others ? 
> 
> So far, it's been a manual process.  Sometimes, it is obvious based on
> the symbol name (“mutex”, “buffer”, “yylex”).  Sometimes, it can be
> tricky—we have multiple JSON libraries which use the json_ prefix.
> 
> And there are few symbols which must be exempted manually:
> 
> <https://github.com/fweimer/symboldb/blob/master/doc/examples/library-symbol-collisions.txt>
> 
> (This query needs to check the symbol binding, LOCAL/LOCAL is okay.)
> 
> Based on past experiment, I think that if we want to take collisions
> seriously, we need to define symbol namespaces, at least for core-ish
> packages.  And beyond that, we need to look at linker changes.

bad namespacing is bad, indeed just keep in mind the case above, as an
example, we do not want to break that kind of functionality.

Simo.

-- 
Simo Sorce * Red Hat, Inc * New York



More information about the devel mailing list