Subject: Re: RelCache (aka ELF prebinding) news
To: der Mouse <mouse@Rodents.Montreal.QC.CA>
From: Thor Lancelot Simon <tls@rek.tjls.com>
List: tech-kern
Date: 12/03/2002 15:53:43
On Tue, Dec 03, 2002 at 08:52:01PM +0100, der Mouse wrote:
> > I think it's unlikely that you've got 64K distinct .so files that
> > you've ever mmaped into an executable.
> 
> I agree.  Until approximately now, it was not clear to me that this
> checsumming sil^Wthing applied only to .so files.
> 
> > (I saw no suggestion that cache info for libraries that have gone MIA
> > would be retained, and nobody else's system does this AFAICT; I just
> > looked at several).
> 
> I saw no mechanism to get rid of outdated cache info mentioned.

Obviously, you shoot down old cache entries when you discover that any
of the tags (checksum, file size, mod time, other metadata) don't match.
In a given executable's load path, there can only be _one_ current
resolution of a given dependency, and if it doesn't match, you invalidate
the cache entry you've got now and make a new one.

This is how other folks' prebinding implementations for Unix (including
the original SGI one, which is the first one for ELF of which I'm aware)
appear to work, and it works well.

> I wouldn't go that far.  Depending on the consequences of a collision,
> we have to also consider the possibility of someone deliberately trying
> to construct a file so as to collide, in which case a whole lot of
> things change.  CRCs are useless under such circumstances, for example.

This is _not_ a tamper-resistance nor tamper-detection mechanism.  The
sole purpose of CRC here is to supply a (hopefully) unique identifier
for the shared object.  Thus deliberate construction of collisions (which
we know to be trivial for CRC) isn't really within the scope of what we
care about.

-- 
 Thor Lancelot Simon	                                      tls@rek.tjls.com
   But as he knew no bad language, he had called him all the names of common
 objects that he could think of, and had screamed: "You lamp!  You towel!  You
 plate!" and so on.              --Sigmund Freud