Bug#963508: /lib/ld-linux.so.2: LD_PRELOAD breaks with plain filename [and 1 more messages]

To: Aurelien Jarno <aurelien@aurel32.net>, 963508@bugs.debian.org, Colin Watson <cjwatson@debian.org>
Subject: Bug#963508: /lib/ld-linux.so.2: LD_PRELOAD breaks with plain filename [and 1 more messages]
From: Ian Jackson <ijackson@chiark.greenend.org.uk>
Date: Tue, 23 Jun 2020 14:17:52 +0100
Message-id: <[🔎] 24306.256.917475.620133@chiark.greenend.org.uk>
Reply-to: Ian Jackson <ijackson@chiark.greenend.org.uk>, 963508@bugs.debian.org
In-reply-to: <[🔎] 24305.58815.453992.540855@chiark.greenend.org.uk>, <[🔎] 20200623130403.GA287302@aurel32.net>
References: <[🔎] 159284881159.3577.15577493642137212642.reportbug@zealot.relativity.greenend.org.uk> <[🔎] 20200622211851.GA8215@aurel32.net> <[🔎] 24305.56738.393752.772285@chiark.greenend.org.uk> <[🔎] 20200623110445.GB8215@aurel32.net> <[🔎] 24305.58815.453992.540855@chiark.greenend.org.uk> <[🔎] 20200623130403.GA287302@aurel32.net> <[🔎] 159284881159.3577.15577493642137212642.reportbug@zealot.relativity.greenend.org.uk>

Aurelien Jarno writes ("Re: Bug#963508: /lib/ld-linux.so.2: LD_PRELOAD breaks with plain filename"):
> [stuff]

Thanks for your explanations and sorry for being dense.

>   In secure-execution mode, preload pathnames containing slashes are
>   ignored.  Furthermore, shared objects are preloaded only from the
>   standard search directories and only if they have set-user-ID mode bit
>   enabled (which is not typical).

Obviously it wouldn't be right for eatmydata to be loaded by actually
setuid programs.

Ian Jackson writes ("Re: Bug#963508: /lib/ld-linux.so.2: LD_PRELOAD breaks with plain filename"):
> (As an aside, I'm not sure why it makes sense for apparmor to inhibit
> preloading.  I thought apparmor was intended to restrict the
> applications you apply it to, not defend them against their callers.)

So the overall effect is that programs with apparmor profiles are
mostly protected from the effects of LD_PRELOAD (and, I assume,
LD_LIBRARY_PATH and various other properties of the execution
environment).

This doesn't seem correct to me.  Is there any documentation giving a
rationale for this ?  Is there a way to change this locally ?
(Other than creating /etc/suid-debug, which is dangerous.)

Ian.

Reply to:

Follow-Ups:
- Bug#963508: /lib/ld-linux.so.2: LD_PRELOAD breaks with plain filename [and 1 more messages]
  - From: Aurelien Jarno <aurelien@aurel32.net>

References:
- Bug#963508: /lib/ld-linux.so.2: LD_PRELOAD breaks with plain filename
  - From: Ian Jackson <ijackson@chiark.greenend.org.uk>
- Bug#963508: /lib/ld-linux.so.2: LD_PRELOAD breaks with plain filename
  - From: Aurelien Jarno <aurelien@aurel32.net>
- Bug#963508: /lib/ld-linux.so.2: LD_PRELOAD breaks with plain filename
  - From: Ian Jackson <ijackson@chiark.greenend.org.uk>
- Bug#963508: /lib/ld-linux.so.2: LD_PRELOAD breaks with plain filename
  - From: Aurelien Jarno <aurelien@aurel32.net>
- Bug#963508: /lib/ld-linux.so.2: LD_PRELOAD breaks with plain filename
  - From: Ian Jackson <ijackson@chiark.greenend.org.uk>
- Bug#963508: /lib/ld-linux.so.2: LD_PRELOAD breaks with plain filename
  - From: Aurelien Jarno <aurelien@aurel32.net>

Prev by Date: Bug#963508: /lib/ld-linux.so.2: LD_PRELOAD breaks with plain filename
Next by Date: Bug#963508: /lib/ld-linux.so.2: LD_PRELOAD breaks with plain filename [and 1 more messages]
Previous by thread: Bug#963508: /lib/ld-linux.so.2: LD_PRELOAD breaks with plain filename
Next by thread: Bug#963508: /lib/ld-linux.so.2: LD_PRELOAD breaks with plain filename [and 1 more messages]
Index(es):
- Date
- Thread