[PATCH bpf-next] libbpf: Do not require executable permission for shared libraries

BPF List
 help / color / mirror / Atom feed

* [PATCH bpf-next] libbpf: Do not require executable permission for shared libraries
@ 2022-08-06 10:20 Hengqi Chen
  2022-08-08 17:18 ` Yonghong Song
  2022-08-08 22:20 ` patchwork-bot+netdevbpf
  0 siblings, 2 replies; 4+ messages in thread
From: Hengqi Chen @ 2022-08-06 10:20 UTC (permalink / raw)
  To: bpf, andrii; +Cc: hengqi.chen, Goro Fuji

Currently, resolve_full_path() requires executable permission for both
programs and shared libraries. This causes failures on distos like Debian
since the shared libraries are not installed executable ([0]). Let's remove
executable permission check for shared libraries.

  [0]: https://www.debian.org/doc/debian-policy/

Reported-by: Goro Fuji <goro@fastly.com>
Signed-off-by: Hengqi Chen <hengqi.chen@gmail.com>
---
 tools/lib/bpf/libbpf.c | 7 ++++---
 1 file changed, 4 insertions(+), 3 deletions(-)

diff --git a/tools/lib/bpf/libbpf.c b/tools/lib/bpf/libbpf.c
index 77e3797cf75a..f0ce7423afb8 100644
--- a/tools/lib/bpf/libbpf.c
+++ b/tools/lib/bpf/libbpf.c
@@ -10666,7 +10666,7 @@ static const char *arch_specific_lib_paths(void)
 static int resolve_full_path(const char *file, char *result, size_t result_sz)
 {
 	const char *search_paths[3] = {};
-	int i;
+	int i, perm = R_OK;
 
 	if (str_has_sfx(file, ".so") || strstr(file, ".so.")) {
 		search_paths[0] = getenv("LD_LIBRARY_PATH");
@@ -10675,6 +10675,7 @@ static int resolve_full_path(const char *file, char *result, size_t result_sz)
 	} else {
 		search_paths[0] = getenv("PATH");
 		search_paths[1] = "/usr/bin:/usr/sbin";
+		perm |= X_OK;
 	}
 
 	for (i = 0; i < ARRAY_SIZE(search_paths); i++) {
@@ -10693,8 +10694,8 @@ static int resolve_full_path(const char *file, char *result, size_t result_sz)
 			if (!seg_len)
 				continue;
 			snprintf(result, result_sz, "%.*s/%s", seg_len, s, file);
-			/* ensure it is an executable file/link */
-			if (access(result, R_OK | X_OK) < 0)
+			/* ensure it has required permissions */
+			if (access(result, perm) < 0)
 				continue;
 			pr_debug("resolved '%s' to '%s'\n", file, result);
 			return 0;
-- 
2.27.0



^ permalink raw reply related	[flat|nested] 4+ messages in thread

* Re: [PATCH bpf-next] libbpf: Do not require executable permission for shared libraries
  2022-08-06 10:20 [PATCH bpf-next] libbpf: Do not require executable permission for shared libraries Hengqi Chen
@ 2022-08-08 17:18 ` Yonghong Song
  2022-08-08 22:10   ` Andrii Nakryiko
  2022-08-08 22:20 ` patchwork-bot+netdevbpf
  1 sibling, 1 reply; 4+ messages in thread
From: Yonghong Song @ 2022-08-08 17:18 UTC (permalink / raw)
  To: Hengqi Chen, bpf, andrii; +Cc: Goro Fuji



On 8/6/22 3:20 AM, Hengqi Chen wrote:
> Currently, resolve_full_path() requires executable permission for both
> programs and shared libraries. This causes failures on distos like Debian
> since the shared libraries are not installed executable ([0]). Let's remove
> executable permission check for shared libraries.
> 
>    [0]: https://www.debian.org/doc/debian-policy/

The document is too big. Could you be more specific about
which chapter and copy-paste related statements in the commit message?

> 
> Reported-by: Goro Fuji <goro@fastly.com>
> Signed-off-by: Hengqi Chen <hengqi.chen@gmail.com>
> ---
>   tools/lib/bpf/libbpf.c | 7 ++++---
>   1 file changed, 4 insertions(+), 3 deletions(-)
> 
> diff --git a/tools/lib/bpf/libbpf.c b/tools/lib/bpf/libbpf.c
> index 77e3797cf75a..f0ce7423afb8 100644
> --- a/tools/lib/bpf/libbpf.c
> +++ b/tools/lib/bpf/libbpf.c
> @@ -10666,7 +10666,7 @@ static const char *arch_specific_lib_paths(void)
>   static int resolve_full_path(const char *file, char *result, size_t result_sz)
>   {
>   	const char *search_paths[3] = {};
> -	int i;
> +	int i, perm = R_OK;
>   
>   	if (str_has_sfx(file, ".so") || strstr(file, ".so.")) {
>   		search_paths[0] = getenv("LD_LIBRARY_PATH");
> @@ -10675,6 +10675,7 @@ static int resolve_full_path(const char *file, char *result, size_t result_sz)
>   	} else {
>   		search_paths[0] = getenv("PATH");
>   		search_paths[1] = "/usr/bin:/usr/sbin";
> +		perm |= X_OK;
>   	}
>   
>   	for (i = 0; i < ARRAY_SIZE(search_paths); i++) {
> @@ -10693,8 +10694,8 @@ static int resolve_full_path(const char *file, char *result, size_t result_sz)
>   			if (!seg_len)
>   				continue;
>   			snprintf(result, result_sz, "%.*s/%s", seg_len, s, file);
> -			/* ensure it is an executable file/link */
> -			if (access(result, R_OK | X_OK) < 0)
> +			/* ensure it has required permissions */
> +			if (access(result, perm) < 0)
>   				continue;
>   			pr_debug("resolved '%s' to '%s'\n", file, result);
>   			return 0;

^ permalink raw reply	[flat|nested] 4+ messages in thread

* Re: [PATCH bpf-next] libbpf: Do not require executable permission for shared libraries
  2022-08-08 17:18 ` Yonghong Song
@ 2022-08-08 22:10   ` Andrii Nakryiko
  0 siblings, 0 replies; 4+ messages in thread
From: Andrii Nakryiko @ 2022-08-08 22:10 UTC (permalink / raw)
  To: Yonghong Song; +Cc: Hengqi Chen, bpf, andrii, Goro Fuji

On Mon, Aug 8, 2022 at 10:18 AM Yonghong Song <yhs@fb.com> wrote:
>
>
>
> On 8/6/22 3:20 AM, Hengqi Chen wrote:
> > Currently, resolve_full_path() requires executable permission for both
> > programs and shared libraries. This causes failures on distos like Debian
> > since the shared libraries are not installed executable ([0]). Let's remove
> > executable permission check for shared libraries.
> >
> >    [0]: https://www.debian.org/doc/debian-policy/
>
> The document is too big. Could you be more specific about
> which chapter and copy-paste related statements in the commit message?
>

I just dropped that link and added "and Linux is not requiring shared
libraries to have executable permissions". Pushed to bpf-next, thanks.


> >
> > Reported-by: Goro Fuji <goro@fastly.com>
> > Signed-off-by: Hengqi Chen <hengqi.chen@gmail.com>
> > ---
> >   tools/lib/bpf/libbpf.c | 7 ++++---
> >   1 file changed, 4 insertions(+), 3 deletions(-)
> >
> > diff --git a/tools/lib/bpf/libbpf.c b/tools/lib/bpf/libbpf.c
> > index 77e3797cf75a..f0ce7423afb8 100644
> > --- a/tools/lib/bpf/libbpf.c
> > +++ b/tools/lib/bpf/libbpf.c
> > @@ -10666,7 +10666,7 @@ static const char *arch_specific_lib_paths(void)
> >   static int resolve_full_path(const char *file, char *result, size_t result_sz)
> >   {
> >       const char *search_paths[3] = {};
> > -     int i;
> > +     int i, perm = R_OK;
> >
> >       if (str_has_sfx(file, ".so") || strstr(file, ".so.")) {
> >               search_paths[0] = getenv("LD_LIBRARY_PATH");
> > @@ -10675,6 +10675,7 @@ static int resolve_full_path(const char *file, char *result, size_t result_sz)
> >       } else {
> >               search_paths[0] = getenv("PATH");
> >               search_paths[1] = "/usr/bin:/usr/sbin";
> > +             perm |= X_OK;

I changed this bit a bit to just set perm = R_OK for library case and
explicitly perm = R_OK | X_OK for executable case. I think that makes
it a bit easier to follow (and it doesn't change the outcome).

Thanks for the quick follow up from Github issue!

> >       }
> >
> >       for (i = 0; i < ARRAY_SIZE(search_paths); i++) {
> > @@ -10693,8 +10694,8 @@ static int resolve_full_path(const char *file, char *result, size_t result_sz)
> >                       if (!seg_len)
> >                               continue;
> >                       snprintf(result, result_sz, "%.*s/%s", seg_len, s, file);
> > -                     /* ensure it is an executable file/link */
> > -                     if (access(result, R_OK | X_OK) < 0)
> > +                     /* ensure it has required permissions */
> > +                     if (access(result, perm) < 0)
> >                               continue;
> >                       pr_debug("resolved '%s' to '%s'\n", file, result);
> >                       return 0;

^ permalink raw reply	[flat|nested] 4+ messages in thread

* Re: [PATCH bpf-next] libbpf: Do not require executable permission for shared libraries
  2022-08-06 10:20 [PATCH bpf-next] libbpf: Do not require executable permission for shared libraries Hengqi Chen
  2022-08-08 17:18 ` Yonghong Song
@ 2022-08-08 22:20 ` patchwork-bot+netdevbpf
  1 sibling, 0 replies; 4+ messages in thread
From: patchwork-bot+netdevbpf @ 2022-08-08 22:20 UTC (permalink / raw)
  To: Hengqi Chen; +Cc: bpf, andrii, goro

Hello:

This patch was applied to bpf/bpf-next.git (master)
by Andrii Nakryiko <andrii@kernel.org>:

On Sat,  6 Aug 2022 18:20:21 +0800 you wrote:
> Currently, resolve_full_path() requires executable permission for both
> programs and shared libraries. This causes failures on distos like Debian
> since the shared libraries are not installed executable ([0]). Let's remove
> executable permission check for shared libraries.
> 
>   [0]: https://www.debian.org/doc/debian-policy/
> 
> [...]

Here is the summary with links:
  - [bpf-next] libbpf: Do not require executable permission for shared libraries
    https://git.kernel.org/bpf/bpf-next/c/9e32084ef1c3

You are awesome, thank you!
-- 
Deet-doot-dot, I am a bot.
https://korg.docs.kernel.org/patchwork/pwbot.html



^ permalink raw reply	[flat|nested] 4+ messages in thread

end of thread, other threads:[~2022-08-08 22:20 UTC | newest]

Thread overview: 4+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2022-08-06 10:20 [PATCH bpf-next] libbpf: Do not require executable permission for shared libraries Hengqi Chen
2022-08-08 17:18 ` Yonghong Song
2022-08-08 22:10   ` Andrii Nakryiko
2022-08-08 22:20 ` patchwork-bot+netdevbpf

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox