View Issue Details

IDProjectCategoryView StatusLast Update
0002300unrealircdpublic2005-02-03 19:53
ReporterkronosAssigned Tosyzop 
PrioritynormalSeverityminorReproducibilityalways
Status resolvedResolutionfixed 
Product Version3.2.2 
Target VersionFixed in Version3.2.3 
Summary0002300: Modules are copied to temporary directory
DescriptionModules are copied to a temporary directory and then loaded from there, making it impossible to properly restrict access using RSBAC. (Any daemon should not be able to modify its own executables or libraries.)

There should be an option to load modules in-place without copying.
TagsNo tags attached.
3rd party modules

Activities

syzop

2005-01-23 17:23

administrator   ~0008903

Last edited: 2005-01-23 17:23

That would mean modules cannot be reloaded from disk on rehash.
I'm not exactly sure if we would want to implement this feature (probably quite a bit of work & only in very few cases useful) [read: I am not going to code it]

kronos

2005-01-23 17:35

reporter   ~0008904

Can you explain why the modules need to be copied before they can be reloaded?

syzop

2005-01-23 17:46

administrator   ~0008905

It's both complicated and simple.. it's not that they need to be copied before they can be reloaded.. it's that they need to be copied in the first place..
It all has to do with dlopen/dlclose caching and reference counts and Unreal's safe internal loading mechanism... which means: while we have f.e. mod1 loaded, and rehash, we open mod1 again.. to verify a few things [test/header/..] and then we unload the old mod1 and continue loading the new mod1..
problem is dlopen() uses reference counts so the 2nd dlopen will use the "old/original" module and not read the "new" one from disk. By copying the module over and use random names we evade this problem.
**
Actually, hardlinking would work too.. I forgot why we didn't do that, but it might solve your problem... Well, I'm not familiar with the security system you use but for example for systrace it would work, perhaps for grsecurity' RBAC as well but it could well be that they don't have a special link flag.

kronos

2005-01-23 17:51

reporter   ~0008906

Yes, hard-linking would solve the problem

syzop

2005-01-23 18:04

administrator   ~0008907

Good, then this will probably be done.

syzop

2005-02-03 19:53

administrator   ~0009012

Done in .253

Issue History

Date Modified Username Field Change
2005-01-23 17:15 kronos New Issue
2005-01-23 17:23 syzop Note Added: 0008903
2005-01-23 17:23 syzop Note Edited: 0008903
2005-01-23 17:35 kronos Note Added: 0008904
2005-01-23 17:46 syzop Note Added: 0008905
2005-01-23 17:51 kronos Note Added: 0008906
2005-01-23 18:04 syzop Note Added: 0008907
2005-01-24 20:57 syzop View Status public => private
2005-02-03 19:51 syzop View Status private => public
2005-02-03 19:53 syzop Status new => resolved
2005-02-03 19:53 syzop Fixed in Version => 3.2.3
2005-02-03 19:53 syzop Resolution open => fixed
2005-02-03 19:53 syzop Assigned To => syzop
2005-02-03 19:53 syzop Note Added: 0009012