From: Ulrich Drepper <drepper@redhat.com>
To: Ondrej Mosnacek <omosnace@redhat.com>,
	Stephen Smalley <stephen.smalley.work@gmail.com>
Cc: William Roberts <bill.c.roberts@gmail.com>,
	Stephen Smalley <sds@tycho.nsa.gov>,
	Petr Lautrbach <plautrba@redhat.com>,
	SElinux list <selinux@vger.kernel.org>
Subject: Re: Annotate Deprecated Functions in libselinux
Date: Thu, 27 Feb 2020 21:43:15 +0100
Message-ID: <19b672ed-e4d6-5c14-6839-a9203690b7e1@redhat.com>
In-Reply-To: <CAFqZXNtRmp-TiNupX3xgOWiBYun4gK0E3TJcoo4-_b2RF2+Duw@mail.gmail.com>


On 2/27/20 9:03 PM, Ondrej Mosnacek wrote:
> Ulrich, could you help us understand the macros you proposed to add to
> the SELinux libraries (probably a very long time ago)? Specifically,
> we are talking about those defined in "dso.h" header files such as
> this one [1]. See also GH issue 204 [2] for related discussion.

The use of the hidden infrastructure is not just a means to reduce
overhead in the form of PLTs.  It also ensures that internals for the
library don't leak out.  If calls between functions within the same DSO
use the PLT they can be intercepted by a DSO earlier in the search path of
the dynamic linker.  This can have unwanted consequences.

I advise that this isn't changed.  The infrastructure to do this should
change, though.  You could look at the code glibc uses today.  The
functionality is still there, just slightly changed.

An alternative is to use gcc's -fno-semantic-interposition option.  This
should ensure that PLT entries are avoided.  For Python this was used to
achieve significant speedups due to the PLT reduction.  I know you don't
care about speed that much but this is a way to achieve it.  Python uses
LTO but since the compiler is told about the symbol use there are no
problems.
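
An added illustration of the hidden-alias technique this message discusses (not part of the original email, and not the actual libselinux or glibc macros): the `demo_*` names and the `HIDDEN_ALIAS` macro are hypothetical, and GCC or Clang on an ELF target is assumed.

```c
/* Added example: hidden-alias pattern for intra-DSO calls (GCC/Clang, ELF).
 * All demo_* names and HIDDEN_ALIAS are hypothetical, not libselinux code. */
#include <stdio.h>

#define EXPORT __attribute__((visibility("default")))
/* Declare a second, hidden name for an already-defined function.  The alias
 * never enters the dynamic symbol table, so calls to it are bound when the
 * library is linked and cannot be redirected to another DSO at load time. */
#define HIDDEN_ALIAS(fn) \
    extern __typeof__(fn) fn##_internal \
        __attribute__((alias(#fn), visibility("hidden")))

EXPORT int demo_policy_version(void);
EXPORT int demo_check_access(int requested);
EXPORT int demo_check_access_interposable(int requested);

int demo_policy_version(void)
{
    return 31; /* constructed value for the example */
}
HIDDEN_ALIAS(demo_policy_version);

/* Hardened form: the internal call uses the hidden alias, so the decision
 * always depends on this library's own demo_policy_version(). */
int demo_check_access(int requested)
{
    return requested <= demo_policy_version_internal();
}

/* Contrast: the call uses the exported name.  In a shared object compiled
 * by GCC with -fPIC (and without -fno-semantic-interposition) this call is
 * resolved by the dynamic linker and may bind to a definition supplied by
 * a DSO earlier in the search path. */
int demo_check_access_interposable(int requested)
{
    return requested <= demo_policy_version();
}

int main(void)
{
    printf("hidden alias:  %d\n", demo_check_access(30));
    printf("exported name: %d\n", demo_check_access_interposable(30));
    return 0;
}
```

To check a real build, compile the file as a shared object and inspect it with `readelf -W --dyn-syms` and `readelf -Wr`: the `_internal` alias should be absent from the dynamic symbols, and any dynamic relocation against `demo_policy_version` comes from the interposable caller.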

