Date: Sun, 22 Jun 2014 03:41:02 +0200 From: Mateusz Guzik <mjguzik@gmail.com> To: Jonathan Anderson <jonathan@FreeBSD.org> Cc: svn-src-head@freebsd.org, svn-src-all@freebsd.org, src-committers@freebsd.org Subject: Re: svn commit: r267678 - head/libexec/rtld-elf Message-ID: <20140622014102.GA26841@dft-labs.eu> In-Reply-To: <201406201708.s5KH8WVP017030@svn.freebsd.org> References: <201406201708.s5KH8WVP017030@svn.freebsd.org>
next in thread | previous in thread | raw e-mail | index | archive | help
On Fri, Jun 20, 2014 at 05:08:32PM +0000, Jonathan Anderson wrote: > Author: jonathan > Date: Fri Jun 20 17:08:32 2014 > New Revision: 267678 > URL: http://svnweb.freebsd.org/changeset/base/267678 > > Log: > Add the LD_LIBRARY_PATH_FDS environmental variable. > > This variable allows the loading of shared libraries via directory descriptors > rather than via library paths. If LD_LIBRARY_PATH_FDS=3:4:12, the directories > represented by file descriptors 3, 4 and 12 will searched for shared libraries > before the normal path-based mechanisms are used. This allows us to execute > unprivileged binaries from within a Capsicum sandbox even if they require > shared libraries. > This is not a request, but a mere suggestion. Now there are 2 places where rtld opens requested libraries which is somewhat unfortunate. If find_library was changed to return directory fd to lookup the library in and the path, open could be done in load_object with openat. Old functions would return AT_FDCWD. As a side note load_object would really use an assert that only one of fd_u and name is set. Cheers, -- Mateusz Guzik <mjguzik gmail.com>
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20140622014102.GA26841>