Date: Mon, 19 Feb 2024 18:53:07 +0000 From: bugzilla-noreply@freebsd.org To: bugs@FreeBSD.org Subject: [Bug 277169] [rtld] dlopen() is unusable for capsicum Message-ID: <bug-277169-227@https.bugs.freebsd.org/bugzilla/>
next in thread | raw e-mail | index | archive | help
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D277169 Bug ID: 277169 Summary: [rtld] dlopen() is unusable for capsicum Product: Base System Version: 14.0-RELEASE Hardware: Any OS: Any Status: New Severity: Affects Only Me Priority: --- Component: bin Assignee: bugs@FreeBSD.org Reporter: vini.ipsmaker@gmail.com To support capsicum, rtld right now offers the env var LD_LIBRARY_PATH_FDS = to specify a list of file descriptors. That works for shared libraries, but it doesn't work for plugins. Plugins shouldn't be mixed with shared libraries. An extra env var could be used to map specific plugin library paths fds to plugins path names (e.g. fd 4 mapping to /usr/local/lib/gawk). In this case= , if a dlopen() call is done against /usr/local/lib/gawk, the fd 4 would be used. In my scenario, I need this because dlopen() already executes untrusted code and for a certain piece of software I want to do this in capsicum mode. --=20 You are receiving this mail because: You are the assignee for the bug.=
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?bug-277169-227>