Re: linux-kernel-digest V1 #184
Andreas Kostyrka (andreas@medman.ag.or.at)
Sun, 28 Apr 1996 13:07:11 +0200 (MET DST)
>
> From: Marek Michalkiewicz <marekm@i17linuxb.ists.pwr.wroc.pl>
> Date: Fri, 26 Apr 1996 20:42:28 +0200 (MET DST)
> Subject: Re: As 2.0 looms
>
> Alain KNAFF:
> > >You decide
> > >which one you want to use at link time (default is to ignore LD_xxx -
> > >it's not necessary except for testing new shared libraries). I think
> >
> > LD_xxx is also needed for programs such as zlibc, which work by
> > redefining certain library calls. Ignoring LD_xxx by default would
> > make any such program impractical.
>
> OK, thanks for pointing this out. But you can still make the binaries
> use LD_xxx if you want.
>
> There should be a secure LD_PRELOAD equivalent - use a system-wide config
> file instead of environment variables. I think David Engel is working on
> it (specifying libraries to preload in /etc/ld.so.preload). Is it OK
Yes this would be nice as an overall, but it should have the possibility to
allow users (best specified uids/gids *grin*) to do their own preloading. Why
is this useful? There are many useful libraries, things like zlibc,
userlevel network fs (I've seen it, but don't ask me now the URL, it's
quite a long time :( ), ...
There are now two points of view:
- admin's view: ``What to hell have MY users to tinker with preloads? You
hopefully don't expect ME to support your weird programs?''
- user's view: ``This fascist sysadmin doesn't want to install my genious
xyz-lib. Ok, let's install it in my $HOME :)''
I'd assume you could get best for both if you would allow something like
this in the master preload config file:
uid==123 include /home/trusted_clever_user/.preload
gid==200 include /home/projects/preload_lib_devel_group/.preload
Perhaps you could even add additional conditions:
maxmode==600 the file is read/write or less for the owner, no
permissions for the rest.
owner==xyz the file is owned by xyz.
group==xyz the file belongs to group xyz.
This additional ``security'' conditions could be even checked only by
ldconfig.
I also believe that haveing preloading configured by files is the right way,
this way programs don't depend upon the the way they have been called.
(was it xdm, startx, getty? ...)
> for zlibc, or does every user really have to be able to redefine library
Not every. But it is a nice feature, especially when the user knows what
(s)he does. It's surely a thing I would like to forbid for 95% of my
users, but then, I have also accounts of people, where I know that they
know, so I can allow them to play with this kind of features.
> calls on their own? (/etc/ld.so.preload would be useful for other things
> as well, like replacing crypt() with something better.)
>
> Marek
Andreas