This has been prompted by #1986.

Fedora hardening guidelines now pass `-z now` to the linker for packages. Consequently, when calling `g_load_library()` to load a backend module, all symbols are checked for at the point of loading, rather than at the point of use.

The reason we are resolving symbols at the point of use by default, rather than when `g_load_library()` is called, is that `g_load_library()` is passing the flag `RTLD_LAZY` to dlopen(3). This appears to be historic; the flag value is present through the whole git history, so for at least the last 17 years.

I managed to introduce a regression for 0.9.17 (see #1986/#1989 for details) in the VNC module which wasn't picked up in my module testing. Essentially, I renamed a function `get_eds_status_msg` to `rfb_get_eds_status_msg` at the point of call and at the point of declaration, but not at the point of definition. The call in question is unlikely to be made as it happens, but if it is, `xrdp` will fail when it is called.

Also, I landed @bsmojver with a lot of detective work which I'm sure he could have done without.

If I'd been building with `-z now` for the linker, I'd have picked this up during module testing.

My proposal is to apply this patch:-

With this patch, the following error appears in the `xrdp.log` when VNC is invoked:-

Another option might be to modify the build process to link each module into an executable as part of `make check` to ensure all symbols are resolved. It's a bit complex, but doable.

I can't see we're gaining a lot from `RTLD_LAZY`. The module is loaded in a fraction of a second with `RTLD_NOW`, and then we have the certainty that it won't suddenly blow up under us.

Thoughts?
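The load-time versus call-time behaviour the post describes, as an added example that is neither xrdp code nor the post author's: a throwaway module is built with a dangling function reference (the symbol name `rfb_get_eds_status_msg` is borrowed from the post; the module and the loader are constructed here) and loaded by a small stand-in for `g_load_library()` under `RTLD_LAZY` and `RTLD_NOW`, and again after the module itself was linked with `-z now` the way a hardened distro build would. It also goes one step beyond the post and tries `-Wl,-z,defs`, a link-time check that rejects the module at build time; that flag is this example's suggestion, not something the post proposes. Assumes Linux and a C compiler reachable as `cc`.

```shell
#!/bin/sh
# Added example, not xrdp code: reproduce the "renamed at the call site, not at
# the definition" mistake in a toy module and see when each build/load setting
# catches it. Assumes Linux and a C compiler reachable as "cc".
set -e

WORK=$(mktemp -d)
trap 'rm -rf "$WORK"' EXIT

# Constructed module. mod_rare_path() is the code path that is "unlikely to be
# made"; the symbol it calls is declared and called but defined nowhere.
cat > "$WORK/mod.c" <<'EOF'
extern int rfb_get_eds_status_msg(int code);   /* declared, never defined */
int mod_init(void) { return 1; }
int mod_rare_path(int code) { return rfb_get_eds_status_msg(code); }
EOF

# Constructed loader standing in for g_load_library(); argv[2] picks the flag.
cat > "$WORK/loader.c" <<'EOF'
#include <dlfcn.h>
#include <stdio.h>
#include <string.h>
int main(int argc, char **argv)
{
    int flag = (argc > 2 && strcmp(argv[2], "now") == 0) ? RTLD_NOW : RTLD_LAZY;
    void *h = dlopen(argv[1], flag);
    if (h == NULL) {
        fprintf(stderr, "dlopen failed: %s\n", dlerror());
        return 1;
    }
    int (*init)(void) = (int (*)(void)) dlsym(h, "mod_init");
    if (init == NULL) {
        fprintf(stderr, "dlsym failed: %s\n", dlerror());
        return 1;
    }
    printf("loaded %s, mod_init() = %d\n", argv[1], init());
    return 0;
}
EOF

# Prints "ok" if the module links with the given extra linker flags, else "fail".
build_module() {  # $1 = output path, remaining args = extra linker flags
    out=$1; shift
    if cc -shared -fPIC "$@" -o "$out" "$WORK/mod.c" 2>/dev/null; then
        echo ok
    else
        echo fail
    fi
}

# Prints "ok" if the loader can dlopen the module in the given mode (lazy|now).
load_module() {  # $1 = module path, $2 = lazy|now
    if "$WORK/loader" "$1" "$2" >/dev/null 2>&1; then echo ok; else echo fail; fi
}

build_all() {
    cc -o "$WORK/loader" "$WORK/loader.c" -ldl
    # -z lazy is pinned explicitly so a distro default of -z now cannot mask the result.
    build_module "$WORK/mod_lazy.so" -Wl,-z,lazy >/dev/null
    # The hardened build from the post: DF_BIND_NOW is set in the module itself.
    build_module "$WORK/mod_now.so" -Wl,-z,now >/dev/null
}

if command -v cc >/dev/null 2>&1; then
    build_all
    echo "plain module, RTLD_LAZY:      $(load_module "$WORK/mod_lazy.so" lazy)"  # ok
    echo "plain module, RTLD_NOW:       $(load_module "$WORK/mod_lazy.so" now)"   # fail
    echo "-z now module, RTLD_LAZY:     $(load_module "$WORK/mod_now.so" lazy)"   # fail
    echo "link with -Wl,-z,defs:        $(build_module "$WORK/mod_defs.so" -Wl,-z,defs)"  # fail
else
    echo "no C compiler found; nothing built" >&2
fi
```

The first line is the situation the post describes: the plain module loads fine under `RTLD_LAZY` and the missing symbol only bites when `mod_rare_path()` is eventually called. The second and third lines are the two ways of moving that failure to load time, either the loader asking for `RTLD_NOW` or the module carrying `-z now` from a hardened build, which is why the Fedora build saw it first. The last line moves it earlier still, to the module's own link step, but `-z defs` only works if every symbol the module legitimately imports is provided by a library on its link line; a module that expects symbols from the host executable would need something like the post's link-each-module-into-an-executable check instead.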