Message ID | 20220101165311.2197758-1-samuel.thibault@ens-lyon.org |
---|---|
State | New |
Headers | show |
Series | [hurd,commited] hurd: Use __trivfs_server_name instead of trivfs_server_name | expand |
* Samuel Thibault: > The latter violates namespace contraints > --- > sysdeps/mach/hurd/getrandom.c | 18 +++++++++--------- > 1 file changed, 9 insertions(+), 9 deletions(-) > > diff --git a/sysdeps/mach/hurd/getrandom.c b/sysdeps/mach/hurd/getrandom.c > index 24f9ac60f7..76f2e900d2 100644 > --- a/sysdeps/mach/hurd/getrandom.c > +++ b/sysdeps/mach/hurd/getrandom.c > @@ -21,7 +21,7 @@ > #include <unistd.h> > #include <not-cancel.h> > > -extern char *trivfs_server_name __attribute__((weak)); > +extern char *__trivfs_server_name __attribute__((weak)); > > /* Write up to LENGTH bytes of randomness starting at BUFFER. > Return the number of bytes written, or -1 on error. */ > @@ -33,14 +33,14 @@ __getrandom (void *buffer, size_t length, unsigned int flags) > size_t amount_read; > int fd; > > - if (&trivfs_server_name && trivfs_server_name > - && trivfs_server_name[0] == 'r' > - && trivfs_server_name[1] == 'a' > - && trivfs_server_name[2] == 'n' > - && trivfs_server_name[3] == 'd' > - && trivfs_server_name[4] == 'o' > - && trivfs_server_name[5] == 'm' > - && trivfs_server_name[6] == '\0') > + if (&__trivfs_server_name && __trivfs_server_name > + && __trivfs_server_name[0] == 'r' > + && __trivfs_server_name[1] == 'a' > + && __trivfs_server_name[2] == 'n' > + && __trivfs_server_name[3] == 'd' > + && __trivfs_server_name[4] == 'o' > + && __trivfs_server_name[5] == 'm' > + && __trivfs_server_name[6] == '\0') > /* We are random, don't try to read ourselves! */ > return length; How does this work? It's a new synbol name, so there's no definition, so the weak reference is always null.
Florian Weimer, le sam. 01 janv. 2022 18:27:49 +0100, a ecrit: > > @@ -33,14 +33,14 @@ __getrandom (void *buffer, size_t length, unsigned int flags) > > size_t amount_read; > > int fd; > > > > - if (&trivfs_server_name && trivfs_server_name > > - && trivfs_server_name[0] == 'r' > > - && trivfs_server_name[1] == 'a' > > - && trivfs_server_name[2] == 'n' > > - && trivfs_server_name[3] == 'd' > > - && trivfs_server_name[4] == 'o' > > - && trivfs_server_name[5] == 'm' > > - && trivfs_server_name[6] == '\0') > > + if (&__trivfs_server_name && __trivfs_server_name > > + && __trivfs_server_name[0] == 'r' > > + && __trivfs_server_name[1] == 'a' > > + && __trivfs_server_name[2] == 'n' > > + && __trivfs_server_name[3] == 'd' > > + && __trivfs_server_name[4] == 'o' > > + && __trivfs_server_name[5] == 'm' > > + && __trivfs_server_name[6] == '\0') > > /* We are random, don't try to read ourselves! */ > > return length; > > How does this work? It's a new synbol name, so there's no definition, > so the weak reference is always null. It is peeking it from the program. Basically the problem is that the random translator uses glibc, whose malloc implementation started using /dev/random in glibc 2.34, thus reading itself. Samuel
* Samuel Thibault via Libc-alpha: > Florian Weimer, le sam. 01 janv. 2022 18:27:49 +0100, a ecrit: >> > @@ -33,14 +33,14 @@ __getrandom (void *buffer, size_t length, unsigned int flags) >> > size_t amount_read; >> > int fd; >> > >> > - if (&trivfs_server_name && trivfs_server_name >> > - && trivfs_server_name[0] == 'r' >> > - && trivfs_server_name[1] == 'a' >> > - && trivfs_server_name[2] == 'n' >> > - && trivfs_server_name[3] == 'd' >> > - && trivfs_server_name[4] == 'o' >> > - && trivfs_server_name[5] == 'm' >> > - && trivfs_server_name[6] == '\0') >> > + if (&__trivfs_server_name && __trivfs_server_name >> > + && __trivfs_server_name[0] == 'r' >> > + && __trivfs_server_name[1] == 'a' >> > + && __trivfs_server_name[2] == 'n' >> > + && __trivfs_server_name[3] == 'd' >> > + && __trivfs_server_name[4] == 'o' >> > + && __trivfs_server_name[5] == 'm' >> > + && __trivfs_server_name[6] == '\0') >> > /* We are random, don't try to read ourselves! */ >> > return length; >> >> How does this work? It's a new synbol name, so there's no definition, >> so the weak reference is always null. > > It is peeking it from the program. > > Basically the problem is that the random translator uses glibc, whose > malloc implementation started using /dev/random in glibc 2.34, thus > reading itself. I still don't understand. Why isn't the condition always false?
Florian Weimer, le sam. 01 janv. 2022 19:48:21 +0100, a ecrit: > * Samuel Thibault via Libc-alpha: > >> > + if (&__trivfs_server_name && __trivfs_server_name > >> > + && __trivfs_server_name[0] == 'r' > >> > + && __trivfs_server_name[1] == 'a' > >> > + && __trivfs_server_name[2] == 'n' > >> > + && __trivfs_server_name[3] == 'd' > >> > + && __trivfs_server_name[4] == 'o' > >> > + && __trivfs_server_name[5] == 'm' > >> > + && __trivfs_server_name[6] == '\0') > >> > /* We are random, don't try to read ourselves! */ > >> > return length; > >> > >> How does this work? It's a new synbol name, so there's no definition, > >> so the weak reference is always null. > > > > It is peeking it from the program. > > > > Basically the problem is that the random translator uses glibc, whose > > malloc implementation started using /dev/random in glibc 2.34, thus > > reading itself. > > I still don't understand. Why isn't the condition always false? The definition is in the random translator, which exports it in its dynamic symbol table. Samuel
* Samuel Thibault: > Florian Weimer, le sam. 01 janv. 2022 19:48:21 +0100, a ecrit: >> * Samuel Thibault via Libc-alpha: >> >> > + if (&__trivfs_server_name && __trivfs_server_name >> >> > + && __trivfs_server_name[0] == 'r' >> >> > + && __trivfs_server_name[1] == 'a' >> >> > + && __trivfs_server_name[2] == 'n' >> >> > + && __trivfs_server_name[3] == 'd' >> >> > + && __trivfs_server_name[4] == 'o' >> >> > + && __trivfs_server_name[5] == 'm' >> >> > + && __trivfs_server_name[6] == '\0') >> >> > /* We are random, don't try to read ourselves! */ >> >> > return length; >> >> >> >> How does this work? It's a new synbol name, so there's no definition, >> >> so the weak reference is always null. >> > >> > It is peeking it from the program. >> > >> > Basically the problem is that the random translator uses glibc, whose >> > malloc implementation started using /dev/random in glibc 2.34, thus >> > reading itself. >> >> I still don't understand. Why isn't the condition always false? > > The definition is in the random translator, which exports it in its > dynamic symbol table. Oh, so there is a companion patch that is not reflected in the glibc sources?
Florian Weimer, le sam. 01 janv. 2022 20:02:12 +0100, a ecrit: > * Samuel Thibault: > > > Florian Weimer, le sam. 01 janv. 2022 19:48:21 +0100, a ecrit: > >> * Samuel Thibault via Libc-alpha: > >> >> > + if (&__trivfs_server_name && __trivfs_server_name > >> >> > + && __trivfs_server_name[0] == 'r' > >> >> > + && __trivfs_server_name[1] == 'a' > >> >> > + && __trivfs_server_name[2] == 'n' > >> >> > + && __trivfs_server_name[3] == 'd' > >> >> > + && __trivfs_server_name[4] == 'o' > >> >> > + && __trivfs_server_name[5] == 'm' > >> >> > + && __trivfs_server_name[6] == '\0') > >> >> > /* We are random, don't try to read ourselves! */ > >> >> > return length; > >> >> > >> >> How does this work? It's a new synbol name, so there's no definition, > >> >> so the weak reference is always null. > >> > > >> > It is peeking it from the program. > >> > > >> > Basically the problem is that the random translator uses glibc, whose > >> > malloc implementation started using /dev/random in glibc 2.34, thus > >> > reading itself. > >> > >> I still don't understand. Why isn't the condition always false? > > > > The definition is in the random translator, which exports it in its > > dynamic symbol table. > > Oh, so there is a companion patch that is not reflected in the glibc > sources? Yes, it's there: http://git.savannah.gnu.org/cgit/hurd/hurd.git/commit/?id=8c5eb657ff196a31a3230652823221f3fe805d73 Samuel
diff --git a/sysdeps/mach/hurd/getrandom.c b/sysdeps/mach/hurd/getrandom.c index 24f9ac60f7..76f2e900d2 100644 --- a/sysdeps/mach/hurd/getrandom.c +++ b/sysdeps/mach/hurd/getrandom.c @@ -21,7 +21,7 @@ #include <unistd.h> #include <not-cancel.h> -extern char *trivfs_server_name __attribute__((weak)); +extern char *__trivfs_server_name __attribute__((weak)); /* Write up to LENGTH bytes of randomness starting at BUFFER. Return the number of bytes written, or -1 on error. */ @@ -33,14 +33,14 @@ __getrandom (void *buffer, size_t length, unsigned int flags) size_t amount_read; int fd; - if (&trivfs_server_name && trivfs_server_name - && trivfs_server_name[0] == 'r' - && trivfs_server_name[1] == 'a' - && trivfs_server_name[2] == 'n' - && trivfs_server_name[3] == 'd' - && trivfs_server_name[4] == 'o' - && trivfs_server_name[5] == 'm' - && trivfs_server_name[6] == '\0') + if (&__trivfs_server_name && __trivfs_server_name + && __trivfs_server_name[0] == 'r' + && __trivfs_server_name[1] == 'a' + && __trivfs_server_name[2] == 'n' + && __trivfs_server_name[3] == 'd' + && __trivfs_server_name[4] == 'o' + && __trivfs_server_name[5] == 'm' + && __trivfs_server_name[6] == '\0') /* We are random, don't try to read ourselves! */ return length;