On Tue, Apr 02, 2024 at 07:40:33AM +0200, Andreas Schneider wrote:
> On Saturday, 30 March 2024 10:37:44 CEST Richard W.M. Jones wrote:
> > These are just my thoughts on a Saturday morning. Feedback welcome of
> > course.
>
> I find the use of the ifunc attribute is really uncommon at this place. I
> would expect it in ffmpeg or some media codecs. In xz it looks like it is only
> there to hook in the payload. The software I know normally uses target
> cloning.

In hindsight it's suspicious, but it's not generally suspicious for a
project that needs to generate optimal code for different
sub-architectures (e.g. something that does fast decompression) to use
the mechanism for that purpose, ifunc.
That said, ifunc is a very complicated, fragile but powerful mechanism
and I'd like to know from the glibc developers what we should
look out for. For example:
- Is it ever valid for ifunc to take control of functions in another
library? Can this be detected by ld.so?
- Can some wrappers be developed to make it both easier and safer?

> I think the use of the ifunc attribute should be a red flag. Can't we check
> for it with rpmlint and let the security team verify it?

Rich.
--
Richard Jones, Virtualization Group, Red Hat
http://people.redhat.com/~rjones
Read my programming and virtualization blog:
http://rwmj.wordpress.com
libguestfs lets you edit virtual machines. Supports shell scripting,
bindings from many languages.
http://libguestfs.org
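
A sketch of the kind of check asked about in the thread above (flagging binaries that define ifunc symbols), added here as an illustration; it is not part of the original message and is not rpmlint's code. It walks the symbol tables of a 64-bit little-endian ELF image and reports STT_GNU_IFUNC symbols; `ifunc_symbols` and `_sample_elf` are hypothetical names and the sample ELF image is constructed.

```python
import struct

SHT_SYMTAB, SHT_DYNSYM, STT_GNU_IFUNC = 2, 11, 10
SHDR = "<IIQQQQIIQQ"  # Elf64_Shdr: name, type, flags, addr, offset, size, link, info, align, entsize

def ifunc_symbols(elf: bytes) -> list[str]:
    """Return the sorted names of STT_GNU_IFUNC symbols in an ELF64 LE image."""
    if elf[:4] != b"\x7fELF" or elf[4] != 2 or elf[5] != 1:
        raise ValueError("not a 64-bit little-endian ELF file")
    shoff, = struct.unpack_from("<Q", elf, 0x28)             # e_shoff
    shentsize, shnum = struct.unpack_from("<HH", elf, 0x3A)  # e_shentsize, e_shnum
    sections = [struct.unpack_from(SHDR, elf, shoff + i * shentsize)
                for i in range(shnum)]
    found = set()
    for sec in sections:
        sh_type, sh_offset, sh_size, sh_link, sh_entsize = sec[1], sec[4], sec[5], sec[6], sec[9]
        if sh_type not in (SHT_SYMTAB, SHT_DYNSYM) or sh_entsize == 0:
            continue
        str_off = sections[sh_link][4]  # sh_link names the matching string table
        for pos in range(sh_offset, sh_offset + sh_size, sh_entsize):
            st_name, st_info = struct.unpack_from("<IB", elf, pos)
            if st_info & 0xF == STT_GNU_IFUNC:  # low nibble of st_info is the symbol type
                start = str_off + st_name
                found.add(elf[start:elf.index(b"\0", start)].decode())
    return sorted(found)

def _sample_elf(sym_type: int) -> bytes:
    """Constructed test image: null section, .symtab, .strtab, one global symbol."""
    strtab = b"\0resolve_me\0"
    symtab = bytes(24) + struct.pack("<IBBHQQ", 1, (1 << 4) | sym_type, 0, 1, 0x1000, 0)
    sym_off = 64                          # symbol table follows the 64-byte ELF header
    str_off = sym_off + len(symtab)
    shoff = str_off + len(strtab)
    hdr = b"\x7fELF" + bytes([2, 1, 1]) + bytes(9)
    hdr += struct.pack("<HHIQQQIHHHHHH", 3, 62, 1, 0, 0, shoff, 0, 64, 0, 0, 64, 3, 0)
    shdrs = bytes(64)                     # section 0 is the mandatory null section
    shdrs += struct.pack(SHDR, 0, SHT_SYMTAB, 0, 0, sym_off, len(symtab), 2, 1, 8, 24)
    shdrs += struct.pack(SHDR, 0, 3, 0, 0, str_off, len(strtab), 0, 0, 1, 0)
    return hdr + symtab + strtab + shdrs

if __name__ == "__main__":
    print(ifunc_symbols(_sample_elf(STT_GNU_IFUNC)))
```

A local ifunc in a stripped binary leaves no symbol behind, only an IRELATIVE relocation, so a real packaging check would need to inspect relocations as well.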