From: Philip Tricca <philip.b.tricca at intel.com>
To: tpm2@lists.01.org
Subject: Re: [tpm2] dlopen()'ing raw .so files considered bad
Date: Thu, 31 May 2018 16:18:18 -0700 [thread overview]
Message-ID: <20180531231818.GE31407@intel.com> (raw)
In-Reply-To: 476DC76E7D1DF2438D32BFADF679FC5649BD5769@ORSMSX101.amr.corp.intel.com
[-- Attachment #1: Type: text/plain, Size: 2305 bytes --]
On Thu, May 31, 2018 at 09:12:45PM +0000, Roberts, William C wrote:
>
>
> > -----Original Message-----
> > From: tpm2 [mailto:tpm2-bounces(a)lists.01.org] On Behalf Of Trevor Woerner
> > Sent: Thursday, May 31, 2018 1:47 PM
> > To: tpm2(a)lists.01.org
> > Subject: [tpm2] dlopen()'ing raw .so files considered bad
> >
> > Hey everyone,
> >
> > I was playing around with the latest tpm2 tools (i.e. the git master) and I noticed
> > that this code is now dlopen()'ing the libraries at runtime.
> >
> > That's a very nice feature, but the way it's been implemented is not entirely
> > correct.
> >
> > The filename parameter to dlopen() should be a library's SONAME, not the raw
> > .so file. The raw .so file is considered a -dev or -devel package component, not a
> > component of the library package itself. The raw .so exists as a develop crutch,
> > but shouldn't be used in production.
> >
> > The raw .so will always point to the latest shared library object. But in an ideal
> > world, the shared library's API should be denoted by the first number after ".so.".
> > It would be extremely unlikely that the programs linking to today's TSS (with its
> > current API) would continue to work should an API-breaking change occur in the
> > future (thus requiring the first number after ".so." to be incremented).
>
> Per the spec we work on, we can't break it.
>
> >
> > In other words, programs should dlopen() a specific API (e.g. ".so.0") and not just
> > "the latest" (i.e. ".so").
>
> Good to know, well make this change in the tools:
> https://github.com/tpm2-software/tpm2-tools/pull/1052
Have one up for tabrmd as well:
https://github.com/tpm2-software/tpm2-abrmd/pull/471
Philip
> >
> > Please see https://lists.debian.org/debian-policy/2002/12/msg00041.html, for
> > example.
> >
> > As is, this is going to mess up people packaging this software for various distros,
> > and users trying to use this software (since they'll have to install the -dev
> > packages for it to work, which can get messy for non-developer users).
> >
> >
> > Thanks and best regards,
> > Trevor
>
> _______________________________________________
> tpm2 mailing list
> tpm2(a)lists.01.org
> https://lists.01.org/mailman/listinfo/tpm2
next reply other threads:[~2018-05-31 23:18 UTC|newest]
Thread overview: 9+ messages / expand[flat|nested] mbox.gz Atom feed top
2018-05-31 23:18 Philip Tricca [this message]
-- strict thread matches above, loose matches on Subject: below --
2018-06-12 11:43 [tpm2] dlopen()'ing raw .so files considered bad Trevor Woerner
2018-06-02 7:39 Fuchs, Andreas
2018-06-02 2:19 Trevor Woerner
2018-06-01 16:51 Fuchs, Andreas
2018-06-01 16:49 Fuchs, Andreas
2018-06-01 0:15 Trevor Woerner
2018-05-31 21:12 Roberts, William C
2018-05-31 20:46 Trevor Woerner
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20180531231818.GE31407@intel.com \
--to=tpm2@lists.01.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.