mirror of
https://github.com/ClickHouse/ClickHouse.git
synced 2024-12-03 13:02:00 +00:00
Merge pull request #41429 from ClickHouse/forbid-dlopen-2
Forbid invocations of `dlopen`
This commit is contained in:
commit
32efe6952e
@ -402,6 +402,36 @@ void checkHarmfulEnvironmentVariables(char ** argv)
|
||||
}
|
||||
|
||||
|
||||
/// Don't allow dlopen in the main ClickHouse binary, because it is harmful and insecure.
|
||||
/// We don't use it. But it can be used by some libraries for implementation of "plugins".
|
||||
/// We absolutely discourage the ancient technique of loading
|
||||
/// 3rd-party uncontrolled dangerous libraries into the process address space,
|
||||
/// because it is insane.
|
||||
|
||||
extern "C"
|
||||
{
|
||||
void * dlopen(const char *, int)
|
||||
{
|
||||
return nullptr;
|
||||
}
|
||||
|
||||
void * dlmopen(long, const char *, int) // NOLINT
|
||||
{
|
||||
return nullptr;
|
||||
}
|
||||
|
||||
int dlclose(void *)
|
||||
{
|
||||
return 0;
|
||||
}
|
||||
|
||||
const char * dlerror()
|
||||
{
|
||||
return "ClickHouse does not allow dynamic library loading";
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
/// This allows to implement assert to forbid initialization of a class in static constructors.
|
||||
/// Usage:
|
||||
///
|
||||
|
@ -14,6 +14,7 @@
|
||||
#include <cstdlib>
|
||||
#include <unistd.h>
|
||||
#include <sys/mman.h>
|
||||
#include <dlfcn.h>
|
||||
|
||||
|
||||
namespace DB
|
||||
@ -25,6 +26,7 @@ namespace ErrorCodes
|
||||
extern const int ILLEGAL_TYPE_OF_ARGUMENT;
|
||||
extern const int BAD_ARGUMENTS;
|
||||
extern const int CANNOT_ALLOCATE_MEMORY;
|
||||
extern const int CANNOT_DLOPEN;
|
||||
}
|
||||
|
||||
|
||||
@ -136,7 +138,7 @@ public:
|
||||
}
|
||||
else if (mode == "access context")
|
||||
{
|
||||
(void)context.getCurrentQueryId();
|
||||
(void)context->getCurrentQueryId();
|
||||
}
|
||||
else if (mode == "stack overflow")
|
||||
{
|
||||
@ -166,6 +168,12 @@ public:
|
||||
maps.push_back(map);
|
||||
}
|
||||
}
|
||||
else if (mode == "dlopen")
|
||||
{
|
||||
void * handle = dlopen("libc.so.6", RTLD_NOW);
|
||||
if (!handle)
|
||||
throw Exception(ErrorCodes::CANNOT_DLOPEN, "Cannot dlopen: ({})", dlerror()); // NOLINT(concurrency-mt-unsafe) // MT-Safe on Linux, see man dlerror
|
||||
}
|
||||
else
|
||||
throw Exception("Unknown trap mode", ErrorCodes::BAD_ARGUMENTS);
|
||||
}
|
||||
|
Loading…
Reference in New Issue
Block a user