diff --git a/lib/libc/gen/Makefile.inc b/lib/libc/gen/Makefile.inc
--- a/lib/libc/gen/Makefile.inc
+++ b/lib/libc/gen/Makefile.inc
@@ -275,6 +275,7 @@
 raise.3 \
 rand48.3 \
 readpassphrase.3 \
+ rtld_get_effective_env_var.3 \
 scandir.3 \
 sem_destroy.3 \
 sem_getvalue.3 \
@@ -481,6 +482,8 @@
 rand48.3 nrand48.3 \
 rand48.3 seed48.3 \
 rand48.3 srand48.3
+MLINKS+=rtld_get_effective_env_var.3 \
+ rtld_set_effective_env_var.3
 MLINKS+=scandir.3 alphasort.3 \
 scandir.3 scandirat.3 \
 scandir.3 scandir_b.3 \
diff --git a/lib/libc/gen/Symbol.map b/lib/libc/gen/Symbol.map
--- a/lib/libc/gen/Symbol.map
+++ b/lib/libc/gen/Symbol.map
@@ -456,6 +456,8 @@
 aio_read2;
 aio_write2;
 execvpe;
+ rtld_get_effective_env_var;
+ rtld_set_effective_env_var;
 };
 FBSDprivate_1.0 {
diff --git a/lib/libc/gen/dlfcn.c b/lib/libc/gen/dlfcn.c
--- a/lib/libc/gen/dlfcn.c
+++ b/lib/libc/gen/dlfcn.c
@@ -35,6 +35,7 @@
 #include
 #include
 #include
+#include
 #include
 #include
 #include
@@ -337,4 +338,20 @@
 return (0);
 }
+#pragma weak rtld_get_effective_env_var
+const char *
+rtld_get_effective_env_var(const char *name __unused)
+{
+ _rtld_error(sorry);
+ return (NULL);
+}
+
+#pragma weak rtld_set_effective_env_var
+int
+rtld_set_effective_env_var(const char *name __unused, const char *val __unused)
+{
+ _rtld_error(sorry);
+ return (EINVAL);
+}
+
 #endif /* !defined(IN_LIBDL) || defined(PIC) */
diff --git a/lib/libc/gen/rtld_get_effective_env_var.3 b/lib/libc/gen/rtld_get_effective_env_var.3
new file mode 100644
--- /dev/null
+++ b/lib/libc/gen/rtld_get_effective_env_var.3
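Review bot: The fallback `rtld_set_effective_env_var()` stub in dlfcn.c returns `EINVAL`, a value the new manual page's ERRORS section does not list (it documents only `EPERM` and `ENOENT`), so a caller written against the page cannot recognise the "no run-time linker in this image" case. Either document the value on the page or explain it on the stub with a comment such as `/* No rtld in this image: there are no settings to change. */`. The getter stub likewise returns `NULL`, which the page describes only as "the name is invalid"; a sentence on the page saying that `NULL` is also returned when the service is unavailable would remove the ambiguity.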
@@ -0,0 +1,103 @@
+.\" Copyright (c) 2024 The FreeBSD Foundation
+.\"
+.\" This documentation was written by
+.\" Konstantin Belousov under sponsorship
+.\" from the FreeBSD Foundation.
+.\"
+.\" Redistribution and use in source and binary forms, with or without
+.\" modification, are permitted provided that the following conditions
+.\" are met:
+.\" 1. Redistributions of source code must retain the above copyright
+.\" notice, this list of conditions and the following disclaimer.
+.\" 2. Redistributions in binary form must reproduce the above copyright
+.\" notice, this list of conditions and the following disclaimer in the
+.\" documentation and/or other materials provided with the distribution.
+.\"
+.\" THIS SOFTWARE IS PROVIDED BY THE AUTHORS AND CONTRIBUTORS ``AS IS'' AND
+.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+.\" ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHORS OR CONTRIBUTORS BE LIABLE
+.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+.\" SUCH DAMAGE.
+.\"
+.Dd October 31, 2024
+.Dt rtld_get_effective_env_var 3
+.Os
+.Sh NAME
+.Nm rtld_get_effective_env_var
+.Nd query or change run-time linker parameters after image activation
+.Sh LIBRARY
+.Lb libc
+.Sh SYNOPSIS
+.In sys/errno.h
+.In link.h
+.Ft const char *
+.Fn rtld_get_effective_env_var "const char *name"
+.Ft int
+.Fn rtld_set_effective_env_var "const char *name" "const char *value"
+.Sh DESCRIPTION
+The dynamic linker
+.Xr ld-elf.so.1
+can be configured be setting some environment variables for the process,
+before image activation.
+Sometimes it is desirable to query the current effective settings or
+change them afterward.
+.Pp
+Since the process environment variables are maintained by higher-level
+libraries, run-time linker cannot access them after the start.
+The described functions make it possible to operate on rtld settings.
+.Pp
+The
+.Fn rtld_get_effective_env_var
+function returns the current value of the named parameter.
+.Pp
+The
+.Fn rtld_set_effective_env_var
+functions changes the value of the parameter to the new
+.Fa value
+value, if possible.
+.Fa name
+argument to both functions is the name of the parameter, which
+is same as the corresponding environment variable (see
+.Xr ld-elf.so.1 )
+but without the
+.Ev LD_
+(or
+.Ev LD_32_
+or any other ABI-specific) prefix.
+.Sh RETURN VALUES
+The
+.Fn rtld_get_effective_env_var
+returns the current value of the named parameter, or
+.Dv NULL
+if the name is invalid.
+.Pp
+The
+.Fn rtld_set_effective_env_var
+returns 0 on success, or an integer indicating the error condition
+which prevented the operation.
+.Sh ERRORS
+Possible errors returned from
+.Fn rtld_set_effective_env_var :
+.Bl -tag -width Er
+.It Bq Er EPERM
+The requested change cannot be done at runtime, either because the
+runtime linker already initialized, or because the current process
+is executing with elevated privileges.
+.It Bq ENOENT
+The supplied parameter
+.Fa name
+is unknown.
+.El
+.Sh SEE ALSO
+.Xr ld-elf.so.1 1 ,
+.Sh HISTORY
+The
+.Nm
+function first appeared in
+.Fx 15.0 .
diff --git a/lib/libdl/Symbol.map b/lib/libdl/Symbol.map
--- a/lib/libdl/Symbol.map
+++ b/lib/libdl/Symbol.map
@@ -17,3 +17,8 @@
 FBSD_1.3 {
 fdlopen;
 };
+
+FBSD_1.8 {
+ rtld_get_effective_env_var;
+ rtld_set_effective_env_var;
+};
diff --git a/libexec/rtld-elf/Symbol.map b/libexec/rtld-elf/Symbol.map
--- a/libexec/rtld-elf/Symbol.map
+++ b/libexec/rtld-elf/Symbol.map
@@ -21,6 +21,11 @@
 fdlopen;
 };
+FBSD_1.8 {
+ rtld_get_effective_env_var;
+ rtld_set_effective_env_var;
+};
+
 FBSDprivate_1.0 {
 _rtld_thread_init;
 _rtld_allocate_tls;
diff --git a/libexec/rtld-elf/rtld.1 b/libexec/rtld-elf/rtld.1
--- a/libexec/rtld-elf/rtld.1
+++ b/libexec/rtld-elf/rtld.1
@@ -138,6 +138,10 @@
 for example:
 .Ev LD_32_TRACE_LOADED_OBJECTS .
 If the activated image is setuid or setgid, the variables are ignored.
+At run-time, effective settings can be queried using
+.Xr rtld_get_effective_env_var 3 ,
+and some of them can be changed with
+.Xr rtld_set_effective_env_var 3 .
 .Bl -tag -width ".Ev LD_LIBMAP_DISABLE"
 .It Ev LD_DUMP_REL_POST
 If set,
@@ -527,6 +531,8 @@
 .Xr ld 1 ,
 .Xr ldd 1 ,
 .Xr dlinfo 3 ,
+.Xr rtld_get_effective_env_var 3 ,
+.Xr rtld_set_effective_env_var 3 ,
 .Xr capsicum 4 ,
 .Xr elf 5 ,
 .Xr libmap.conf 5 ,
diff --git a/libexec/rtld-elf/rtld.c b/libexec/rtld-elf/rtld.c
--- a/libexec/rtld-elf/rtld.c
+++ b/libexec/rtld-elf/rtld.c
@@ -257,6 +257,8 @@
 int _rtld_get_stack_prot(void) __exported;
 int _rtld_is_dlopened(void *) __exported;
 void _rtld_error(const char *, ...) __exported;
+const char *rtld_get_effective_env_var(const char *name) __exported;
+int rtld_set_effective_env_var(const char *name, const char *val) __exported;
 /* Only here to fix -Wmissing-prototypes warnings */
 int __getosreldate(void);
@@ -346,36 +348,43 @@
 struct ld_env_var_desc {
 const char * const n;
 const char *val;
- const bool unsecure;
+ const bool unsecure:1;
+ const bool can_update:1;
+ bool owned:1;
 };
-#define LD_ENV_DESC(var, unsec) \
- [LD_##var] = { .n = #var, .unsecure = unsec }
+#define LD_ENV_DESC(var, unsec, cu) \
+ [LD_##var] = { \
+ .n = #var, \
+ .unsecure = unsec, \
+ .can_update = cu, \
+ .owned = false, \
+ }
 static struct ld_env_var_desc ld_env_vars[] = {
- LD_ENV_DESC(BIND_NOW, false),
- LD_ENV_DESC(PRELOAD, true),
- LD_ENV_DESC(LIBMAP, true),
- LD_ENV_DESC(LIBRARY_PATH, true),
- LD_ENV_DESC(LIBRARY_PATH_FDS, true),
- LD_ENV_DESC(LIBMAP_DISABLE, true),
- LD_ENV_DESC(BIND_NOT, true),
- LD_ENV_DESC(DEBUG, true),
- LD_ENV_DESC(ELF_HINTS_PATH, true),
- LD_ENV_DESC(LOADFLTR, true),
- LD_ENV_DESC(LIBRARY_PATH_RPATH, true),
- LD_ENV_DESC(PRELOAD_FDS, true),
- LD_ENV_DESC(DYNAMIC_WEAK, true),
- LD_ENV_DESC(TRACE_LOADED_OBJECTS, false),
- LD_ENV_DESC(UTRACE, false),
- LD_ENV_DESC(DUMP_REL_PRE, false),
- LD_ENV_DESC(DUMP_REL_POST, false),
- LD_ENV_DESC(TRACE_LOADED_OBJECTS_PROGNAME, false),
- LD_ENV_DESC(TRACE_LOADED_OBJECTS_FMT1, false),
- LD_ENV_DESC(TRACE_LOADED_OBJECTS_FMT2, false),
- LD_ENV_DESC(TRACE_LOADED_OBJECTS_ALL, false),
- LD_ENV_DESC(SHOW_AUXV, false),
- LD_ENV_DESC(STATIC_TLS_EXTRA, false),
- LD_ENV_DESC(NO_DL_ITERATE_PHDR_AFTER_FORK, false),
+ LD_ENV_DESC(BIND_NOW, false, false),
+ LD_ENV_DESC(PRELOAD, true, false),
+ LD_ENV_DESC(LIBMAP, true, false),
+ LD_ENV_DESC(LIBRARY_PATH, true, true),
+ LD_ENV_DESC(LIBRARY_PATH_FDS, true, true),
+ LD_ENV_DESC(LIBMAP_DISABLE, true, false),
+ LD_ENV_DESC(BIND_NOT, true, false),
+ LD_ENV_DESC(DEBUG, true, true),
+ LD_ENV_DESC(ELF_HINTS_PATH, true, false),
+ LD_ENV_DESC(LOADFLTR, true, false),
+ LD_ENV_DESC(LIBRARY_PATH_RPATH, true, true),
+ LD_ENV_DESC(PRELOAD_FDS, true, false),
+ LD_ENV_DESC(DYNAMIC_WEAK, true, true),
+ LD_ENV_DESC(TRACE_LOADED_OBJECTS, false, false),
+ LD_ENV_DESC(UTRACE, false, true),
+ LD_ENV_DESC(DUMP_REL_PRE, false, true),
+ LD_ENV_DESC(DUMP_REL_POST, false, true),
+ LD_ENV_DESC(TRACE_LOADED_OBJECTS_PROGNAME, false, false),
+ LD_ENV_DESC(TRACE_LOADED_OBJECTS_FMT1, false, false),
+ LD_ENV_DESC(TRACE_LOADED_OBJECTS_FMT2, false, false),
+ LD_ENV_DESC(TRACE_LOADED_OBJECTS_ALL, false, false),
+ LD_ENV_DESC(SHOW_AUXV, false, false),
+ LD_ENV_DESC(STATIC_TLS_EXTRA, false, false),
+ LD_ENV_DESC(NO_DL_ITERATE_PHDR_AFTER_FORK, false, false),
 };
 const char *
@@ -6326,6 +6335,41 @@
 }
 }
+const char *
+rtld_get_effective_env_var(const char *name)
+{
+ const struct ld_env_var_desc *lvd;
+ u_int i;
+
+ for (i = 0; i < nitems(ld_env_vars); i++) {
+ lvd = &ld_env_vars[i];
+ if (strcmp(lvd->n, name) == 0)
+ return (lvd->val);
+ }
+ return (NULL);
+}
+
+int
+rtld_set_effective_env_var(const char *name, const char *val)
+{
+ struct ld_env_var_desc *lvd;
+ u_int i;
+
+ for (i = 0; i < nitems(ld_env_vars); i++) {
+ lvd = &ld_env_vars[i];
+ if (strcmp(lvd->n, name) != 0)
+ continue;
+ if (!lvd->can_update || (lvd->unsecure && !trust))
+ return (EPERM);
+ if (lvd->owned)
+ free(__DECONST(char *, lvd->val));
+ lvd->val = xstrdup(val);
+ lvd->owned = true;
+ return (0);
+ }
+ return (ENOENT);
+}
+
 /*
 * Overrides for libc_pic-provided functions.
 */
diff --git a/sys/sys/link_elf.h b/sys/sys/link_elf.h
--- a/sys/sys/link_elf.h
+++ b/sys/sys/link_elf.h
@@ -93,10 +93,12 @@
 __BEGIN_DECLS
 typedef int (*__dl_iterate_hdr_callback)(struct dl_phdr_info *, size_t, void *);
-extern int dl_iterate_phdr(__dl_iterate_hdr_callback, void *);
+int dl_iterate_phdr(__dl_iterate_hdr_callback, void *);
 int _rtld_addr_phdr(const void *, struct dl_phdr_info *);
 int _rtld_get_stack_prot(void);
 int _rtld_is_dlopened(void *);
+const char *rtld_get_effective_env_var(const char *name);
+int rtld_set_effective_env_var(const char *name, const char *val);
 #ifdef __ARM_EABI__
 void * dl_unwind_find_exidx(const void *, int *);
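Review bot: The new `cu` column of `ld_env_vars[]` in rtld.c carries no comment stating what makes a variable safe to change after startup, and five entries that are marked `unsecure` (LIBRARY_PATH, LIBRARY_PATH_FDS, LIBRARY_PATH_RPATH, DEBUG, DYNAMIC_WEAK) become updatable with this change. A comment above `LD_ENV_DESC` such as `/* cu: value may be replaced through rtld_set_effective_env_var(); unsecure entries additionally require a trusted process */` would record the rule next to the table a future editor will extend. It is also worth confirming, in code outside this hunk, that every `can_update` variable is read from `ld_env_vars[].val` at use time rather than copied into a separate global during startup, since in the latter case a successful set would presumably have no effect.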
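Review bot: `rtld_get_effective_env_var()` in rtld.c returns `lvd->val` itself, while `rtld_set_effective_env_var()` does `free(__DECONST(char *, lvd->val))` on an owned value, so a pointer obtained from the getter dangles after the next successful set of the same variable; neither function takes a lock in the visible lines, so in a threaded process that free can also race with a concurrent reader. Either keep replaced strings alive (a small bounded leak per update) or serialize both functions under the locking rtld uses for its other shared state, and state on the manual page that the returned string is valid only until the next set. Separately, `name` goes straight into `strcmp()` and `val` into `xstrdup()`, so a NULL argument would presumably fault inside the run-time linker; a guard such as `if (name == NULL || val == NULL) return (EINVAL);` at the top of the setter, and `if (name == NULL) return (NULL);` in the getter, closes that.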