Note: This bug is displayed in read-only format because the product is no longer active in Red Hat Bugzilla.
RHEL Engineering is moving the tracking of its product development work on RHEL 6 through RHEL 9 to Red Hat Jira (issues.redhat.com). If you're a Red Hat customer, please continue to file support cases via the Red Hat customer portal. If you're not, please head to the "RHEL project" in Red Hat Jira and file new tickets here. Individual Bugzilla bugs in the statuses "NEW", "ASSIGNED", and "POST" are being migrated throughout September 2023. Bugs of Red Hat partners with an assigned Engineering Partner Manager (EPM) are migrated in late September as per pre-agreed dates. Bugs against components "kernel", "kernel-rt", and "kpatch" are only migrated if still in "NEW" or "ASSIGNED". If you cannot log in to RH Jira, please consult article #7032570. That failing, please send an e-mail to the RH Jira admins at rh-issues@redhat.com to troubleshoot your issue as a user management inquiry. The email creates a ServiceNow ticket with Red Hat. Individual Bugzilla bugs that are migrated will be moved to status "CLOSED", resolution "MIGRATED", and set with "MigratedToJIRA" in "Keywords". The link to the successor Jira issue will be found under "Links", have a little "two-footprint" icon next to it, and direct you to the "RHEL project" in Red Hat Jira (issue links are of type "https://issues.redhat.com/browse/RHEL-XXXX", where "X" is a digit). This same link will be available in a blue banner at the top of the page informing you that that bug has been migrated.

Bug 1439351

Summary: [LLNL 7.5 FEAT] RFE create an option to permanently link in audit library into an executable (binutils)
Product: Red Hat Enterprise Linux 7 Reporter: Ben Woodard <woodard>
Component: binutilsAssignee: Nick Clifton <nickc>
Status: CLOSED ERRATA QA Contact: Miloš Prchlík <mprchlik>
Severity: medium Docs Contact:
Priority: medium    
Version: 7.4CC: ashankar, bgollahe, codonell, fweimer, glibc-bugzilla, law, legendre1, mcermak, mnewsome, mprchlik, pfrankli, qe-baseos-tools-bugs, tgummels, woodard
Target Milestone: rcKeywords: FutureFeature
Target Release: 7.6   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: binutils-2.27-29.base.el7 Doc Type: Enhancement
Doc Text:
Feature: Add support for the GLOBALAUDIT tag in the dynamic section created by the linker. Reason: This tag will allow the loader to be informed of dynamic objects that should be loaded and run before the executable itself is loaded. Result: Support for the GLOBALAUDIT feature is now implemented in the linker. A change to the loader is still needed.
 Story Points: ---
Clone Of: 1439350
: 1566146 (view as bug list) Environment:
Last Closed: 2018-10-30 07:50:06 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On: 1265827    
Bug Blocks: 1562804, 1565233, 1566146    
Attachments:
Description Flags
Proposed patch none

Description Ben Woodard 2017-04-05 18:59:45 UTC 
+++ This bug was initially created as a clone of Bug #1439350 +++

Description of problem:
At LLNL there are computational physicists who design interesting data sets that explore interest physics but who are not computer scientists. They run applications provided to them by computer scientists whose job is to implement the physics and make the binaries. The people who write and compile the programs are different than the people who generally run them.

The tools team at the lab generally would like to work the the computer scientists to provide tools that do various things. Several of their tools end up being implementable as audit libraries. One example is spindle http://computation.llnl.gov/projects/spindle another example is the common practice of wrapping library functions. In static cases wrapping can be done with LD_PRELOAD but to generalize the capability making it into an audit library that replaces the symbol and then calls the original is more effective.

In these cases the tools people want to work with the computer scientists and have them simply link in a tool library which is an audit library. An interface something like:

ld -faudit audit_lib.so foo.o bar.o -l libfoo.so ... -o exe

So that an original computer scientist can permanently have an audit lib loaded when the executable is run as if it were run like:

LD_AUDIT=audit_lib.so exe args...

ld.so would see the DT_NEEDED with some magic flag somewhere which says that this should be loaded as an audit library and dlmopened first and called the same way and the same times as if it were specified in the LD_AUDIT environment variable. This way it can replace the functions the way that spindle does or wrap the functions as needed.

This would require a new option to ld to specify the audit libraries to be linked in. That is more of a binutils feature. However, it would also require a change to ld.so which is part of glibc.

Additional info:

1) multiple audit libraries may be specified.
2) it is important that debuggers are able to debug code that is brought in through these audit libraries. Thus tools like GDB need to be able to find the link maps and enumerate the symbols in libraries which are brought in this way.

--- Additional comment from Red Hat Bugzilla Rules Engine on 2017-04-05 14:57:48 EDT ---

Since this bug report was entered in Red Hat Bugzilla, the release flag has been set to ? to ensure that it is properly evaluated for this release.
Comment 2 Nick Clifton 2017-04-07 08:01:48 UTC 
Hi Ben,

  My first thought is - is this really necessary ?  Given that the desired effect can be achieved by using LD_AUDIT on the command line, why not just bundle that up into a small script and have the computer scientists run that ?

  My second thought is that the "common practice of wrapping library functions" can be achieved with the already existing --wrap static linker command line option, so maybe that could be used instead ?  (I appreciate that this would not work for spindle though).

  My third thought is that if we are going to add this functionality to the static and dynamic linkers then we are going to need to come up with a proper specification for it, get people like Intel and IBM on board, and then add it to the gABI.  This can be done, but it probably won't be quick.

  My last thought is - could this feature be used maliciously ?  For example could an attacker use it replace existing, thought-to-be-safe binaries with their own "enhanced" versions which do something on the side ?  If so, then do we need to involve the security team as well ?

Cheers
  Nick
Comment 3 Ben Woodard 2017-05-02 01:22:37 UTC 
Nick,
After long experience with the current capabilities of LD_AUDIT, the customer does believe that this is a necessary feature. While conceivably UNIX and Linux could function with only a simple read(2) syscall, experience has show that while parsimony is a virtue, the diversity of use cases has led to readv, pread, mmap'd IO with blocking, non-blocking, signal driven IO... The point is minimalism is doesn't always allow needed expressivity to achieve optimal performance and therefore productively. 

I'm going to make the assertion that this is a well considered request made by well seasoned professionals with combined decades of experience who are familiar with the alternatives made an explicit request.

I didn't see this coming and my first thought was to suggesting wrapping things in scripts like you suggested. However with parallel job launchers setting up the MPI fabric and starting up the applications on the compute nodes and giving them ranks, it isn't quite as simple just wrapping everything in a script. When you combine that with the organizational and the various capabilities of people providing different skills to the overall endeavor, the need for this becomes more obviously necessary.
Comment 4 Carlos O'Donell 2017-05-02 10:35:59 UTC 
This is needed. There are many cases where environment variables cannot be passed down for design reasons.

As noted here: https://bugzilla.redhat.com/show_bug.cgi?id=1439350#c2

A Solaris design already exists for this.

https://docs.oracle.com/cd/E19120-01/open.solaris/819-0690/gfido/index.html

e.g. -Wl,-Paudit.so.1 -z globalaudit

And we have ELF DT_* entries for this already in binutils. We'd just have to wire up that support in Linux so the dynamic loader can use it.
Comment 9 Nick Clifton 2017-08-14 13:55:55 UTC 
Created attachment 1313181 [details]
Proposed patch

This is the patch that will implement the required functionality in the binutils.

When this BZ gets its three ACKs I will add it to the rpm.
Comment 12 Nick Clifton 2018-04-11 16:15:59 UTC 
Right - the binutils part of the patch is now in: binutils-2.27-29.base.el7
Comment 14 Miloš Prchlík 2018-08-14 15:19:23 UTC 
Verified with build binutils-2.27-34.base.el7.
Comment 16 errata-xmlrpc 2018-10-30 07:50:06 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHSA-2018:3032