ld.so.preload of libmediaclient.so is *very* harmful

[Markus Rechberger]

On Fri, Feb 4, 2011 at 6:43 AM, Andrew Bartlett <abartlet at samba.org> wrote:
> On Fri, 2011-02-04 at 04:39 +0000, Markus Rechberger wrote:
>> Andrew Bartlett <abartlet <at> samba.org> writes:
>>
>> >
>> > On Thu, 2011-02-03 at 13:28 +0100, c.hoffmann <at> bnet.at wrote:
>> > > Could finish provision!
>> > > There was a problem with the libmediaclient.so which is installed with the
>> > > driver for my tv-card (sundtek) I am using.
>> > > Deinstalled the driver and did provision again, this time it worked!
>> > > Reinstall the driver and it hopefully does not interfere with samba4.
>> > >
>> > > br
>> >
>> > After a very good guess by tridge, I found:
>> > http://www.sundtek.com/support/install.sh.txt
>> >
>> > This script, which I presume you used, modifies /etc/ld.so.preload, and
>> > causes libmediaclient.so to be preloaded into every single process on
>> > the system.  Any process that calls net_read() will call into your TV
>> > card driver, and will break badly.
>
>> As we had the discussion, this discussion came up in our forums as well, the
>> problem is some users are not very familiar with the console and that's the
>> reason why it is set globally.
>
> Markus,
>
> I'm sorry, but that is still no excuse.  The global /etc/ld.so.preload
> should never, ever be used as the standard way of installing anything.
> Imagine if multiple drivers decided that was the right way to operate?

We would try to cowork with such projects then.

> Which would come first, how would you debug their interactions, and how
> would we ever keep a Linux system stable?
>
>> If issues come up and are reported to us we take
>> care about them.
>
> I really think this is the wrong way around.  You are essentially doing
> a binary insertion of your code into every single process on the system,
> and just hoping that you emulate the applications expected behaviour of
> 42 different symbols.  This includes overriding functions that are
> internal to the application - they could do anything, so there is no way
> to know what is 'right'.
>

Do you know what system drivers are for?
Did you ever have the idea that a devicedriver is available systemwide
to every application and
if something's wrong in a kernelmodule the entire system is affected as well?
Or if an appilcation issues a read() it will be passed further to
kernelspace and if something
bad happens there that the entire system might be stuck?

>> The reason for all that is that the preloading mechanism provides very high
>> backward compatibility (one compiled driver works with Linux 2.6.18+), it avoids
>> the need of having to compile drivers. And since updating the drivers also works
>> very quick customers can easily handle this.
>
> That it is easy does not make it right.  This is the wrong way to
> develop any kind of Linux driver, no matter how specialised or now
>
> If you want to make this easy for your users, then do it properly, and
> get the distributors to include it in the default driver set.  That way,
> anyone can use it, right out of the box.
>

Your definition of easy does not apply to other people.

>> Last but not least we'll take over fixing this of course.
>
> So you will stop using ld.so.preload?  I'm sorry, but that is the only
> real fix to this problem.
>
>> Andrew, sorry for wasting your time with this.
>
> What we need, as I understand tridge has already said, is for you to
> ensure that your code is never again inserted into an unrelated process.
> How you do that is up up to you, but while this mechanism is used, this
> will break again.
>
> I'm sorry to have to be so harsh about this, on top of tridge's blog
> post http://blog.tridgell.net/?p=141 but pulling tricks like this
> pollutes the Linux landscape for everyone else.
>
> I understand it if you think that if someone has your TV stick
> installed, that they must be a media PC, and so you can 'safely' pull
> tricks like this, but as our reporter has shown, you can never know what
> software will be co-installed.  The only way to make this whole system
> work is for us all to live by the rules.
>


Seems like you're crying for nothing, tried to call your mom?

Markus