bug-libtool
[Top][All Lists]
Advanced
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

libltdl is inefficient and a security hazard

From: Bob Friesenhahn
Subject: libltdl is inefficient and a security hazard
Date: Fri, 23 Oct 2009 20:16:00 -0500 (CDT)
User-agent: Alpine 2.01 (GSO 1266 2009-07-14)
I noticed that testing a modules build of my program (GraphicsMagick) shows poor performance (over 4X slower than a static build) under Solaris 10. The modules are opened via the ".la" files and the associated ".so" file is in the same directory.
Curious to know the cause of the poor performance, I did a truss (actually dtruss) and found that there are a massive number of failed stat calls which get repeated over and over. Some of them are downright silly. 12 stat calls were performed before testing the directory where the .la file is installed. The content of the .la file seems to be read twice.
It seems that some of this poor behavior is because libltdl is attempting to iteratively load all of the dependencies for each dependency library, even if they were already loaded. The obvious place to find the module file is checked last. It performs the same tests over and over even though it could know where it found the library before (and know that it was already loaded) if it were to maintain a cache.
Besides a lack of efficiency, libltdl's silly checking of directories other than where it was supposed to look in the first place causes a security hazard.
Here is a scrap of sample log (based on installed software) showing where it is trying to load a ".a" file as a loadable module under Solaris (maybe ok for AIX, but not for Solaris or most other systems). See the attached compressed file for a full log. 

open64("/usr/local/lib/GraphicsMagick-1.4/modules-Q16/coders/null.la\0", 0x0, 
0x1B6)             = 3 0
brk(0x8067530)           = 0 0
brk(0x8069530)           = 0 0
fstat64(0x3, 0x803F750, 0x8069528)               = 0 0
fstat64(0x3, 0x803F690, 0x0)             = 0 0
ioctl(0x3, 0x5401, 0x803F724)            = -1 Err#25
read(0x3, "# null.la - a libtool library file\n# Generated by ltmain.sh (GNU 
libtool) 2.2.6\n#\n# Please DO NOT delete this file!\n# It is necessary for linking the 
library.\n\n# The name that we can dlopen(3).\ndlname='null.so'\n\n# Names of this 
library.\nlibrary_names='null", 0x600)               = 1236 0
read(0x3, "# null.la - a libtool library file\n# Generated by ltmain.sh (GNU 
libtool) 2.2.6\n#\n# Please DO NOT delete this file!\n# It is necessary for linking the 
library.\n\n# The name that we can dlopen(3).\ndlname='null.so'\n\n# Names of this 
library.\nlibrary_names='null", 0x600)               = 0 0
llseek(0x3, 0x0, 0x0)            = 1236 0
close(0x3)               = 0 0
stat64("/home/bfriesen/build/GraphicsMagick-16-modules/magick/.libs/null.a\0", 
0x803EF70, 0x0)           = -1 Err#2
stat64("/usr/local/lib/null.a\0", 0x803EF70, 0xFFFFFFFF)                 = -1 
Err#2
stat64("/usr/local/lib/gcc/i386-pc-solaris2.10/4.3.4/null.a\0", 0x803EF70, 
0xFFFFFFFF)           = -1 Err#2
stat64("/usr/local/lib/null.a\0", 0x803EF70, 0xFFFFFFFF)                 = -1 
Err#2
stat64("/usr/local/lib/gcc/i386-pc-solaris2.10/4.3.4/null.a\0", 0x803EF70, 
0xFFFFFFFF)           = -1 Err#2
stat64("/usr/openwin/lib/null.a\0", 0x803EF70, 0xFFFFFFFF)               = -1 
Err#2
stat64("/lib/null.a\0", 0x803EF70, 0xFFFFFFFF)           = -1 Err#2
stat64("/usr/lib/null.a\0", 0x803EF70, 0xFFFFFFFF)               = -1 Err#2
stat64("/usr/openwin/lib/null.a\0", 0x803EF70, 0xFFFFFFFF)               = -1 
Err#2
stat64("/usr/local/lib/null.a\0", 0x803EF70, 0xFFFFFFFF)                 = -1 
Err#2
stat64("/usr/sfw/lib/null.a\0", 0x803EF70, 0xFFFFFFFF)           = -1 Err#2
stat64("/usr/local/lib/GraphicsMagick-1.4/modules-Q16/coders/null.so\0", 
0x803EF70, 0xFFFFFFFF)          = 0 0
resolvepath("/usr/local/lib/GraphicsMagick-1.4/modules-Q16/coders/null.so\0", 
0x803F040, 0x3FF)          = 60 0
open("/usr/local/lib/GraphicsMagick-1.4/modules-Q16/coders/null.so\0", 0x0, 
0x0)                 = 3 0
mmap(0x10000, 0x8000, 0x5)               = -21692416 0
mmap(0x10000, 0x12000, 0x0)              = -25165824 0
mmap(0xFE800000, 0xFAC, 0x5)             = -25165824 0
mmap(0xFE810000, 0x11A0, 0x7)            = -25100288 0
munmap(0xFE801000, 0xF000)               = 0 0
memcntl(0xFE800000, 0x7EC, 0x4)          = 0 0
close(0x3)               = 0 0

Bob
--
Bob Friesenhahn
address@hidden, http://www.simplesystems.org/users/bfriesen/
GraphicsMagick Maintainer,    http://www.GraphicsMagick.org/

Attachment: module-load-truss.log.gz
Description: Binary data

reply via email to
[Prev in Thread] Current Thread [Next in Thread]