Merge pull request #41429 from ClickHouse/forbid-dlopen-2

Forbid invocations of `dlopen`
Alexey Milovidov 2022-09-18 07:05:56 +03:00 committed by GitHub
commit 32efe6952e
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 39 additions and 1 deletions


@ -402,6 +402,36 @@ void checkHarmfulEnvironmentVariables(char ** argv)
} }
/// Don't allow dlopen in the main ClickHouse binary, because it is harmful and insecure.
/// We don't use it. But it can be used by some libraries for implementation of "plugins".
/// We absolutely discourage the ancient technique of loading
/// 3rd-party uncontrolled dangerous libraries into the process address space,
/// because it is insane.
extern "C"
{
void * dlopen(const char *, int)
{
return nullptr;
}
void * dlmopen(long, const char *, int) // NOLINT
{
return nullptr;
}
int dlclose(void *)
{
return 0;
}
const char * dlerror()
{
return "ClickHouse does not allow dynamic library loading";
}
}
/// This allows to implement assert to forbid initialization of a class in static constructors. /// This allows to implement assert to forbid initialization of a class in static constructors.
/// Usage: /// Usage:
/// ///
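Review bot: The `dlerror()` stub returns its message on every call, so it can never report "no error". POSIX specifies NULL when nothing has failed since the last call, and code that clears with `dlerror()` and then checks it after `dlsym` (which this hunk does not replace) would read every lookup as a failure. A per-thread flag that `dlopen`/`dlmopen` set and `dlerror()` consumes keeps the stub within that contract, as in the excerpt below. The doc comment could also state that, as far as this hunk shows, only callers resolving the public `dlopen`/`dlmopen` symbols are covered, so this is hardening of the main binary rather than a complete barrier against loading code.

```cpp
/// True after a refused load on this thread, until dlerror() reports it.
static thread_local bool dl_load_refused = false;

extern "C"
{
void * dlopen(const char *, int)
{
    dl_load_refused = true;
    return nullptr;
}
// … unchanged apart from setting the same flag: dlmopen; unchanged: dlclose …
const char * dlerror()
{
    if (!dl_load_refused)
        return nullptr;
    dl_load_refused = false;
    return "ClickHouse does not allow dynamic library loading";
}
}
```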


@ -14,6 +14,7 @@
#include <cstdlib> #include <cstdlib>
#include <unistd.h> #include <unistd.h>
#include <sys/mman.h> #include <sys/mman.h>
#include <dlfcn.h>
namespace DB namespace DB
@ -25,6 +26,7 @@ namespace ErrorCodes
extern const int ILLEGAL_TYPE_OF_ARGUMENT; extern const int ILLEGAL_TYPE_OF_ARGUMENT;
extern const int BAD_ARGUMENTS; extern const int BAD_ARGUMENTS;
extern const int CANNOT_ALLOCATE_MEMORY; extern const int CANNOT_ALLOCATE_MEMORY;
extern const int CANNOT_DLOPEN;
} }
@ -136,7 +138,7 @@ public:
} }
else if (mode == "access context") else if (mode == "access context")
{ {
(void)context.getCurrentQueryId(); (void)context->getCurrentQueryId();
} }
else if (mode == "stack overflow") else if (mode == "stack overflow")
{ {
@ -166,6 +168,12 @@ public:
maps.push_back(map); maps.push_back(map);
} }
} }
else if (mode == "dlopen")
{
void * handle = dlopen("libc.so.6", RTLD_NOW);
if (!handle)
throw Exception(ErrorCodes::CANNOT_DLOPEN, "Cannot dlopen: ({})", dlerror()); // NOLINT(concurrency-mt-unsafe) // MT-Safe on Linux, see man dlerror
}
else else
throw Exception("Unknown trap mode", ErrorCodes::BAD_ARGUMENTS); throw Exception("Unknown trap mode", ErrorCodes::BAD_ARGUMENTS);
} }
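Review bot: In the `"dlopen"` branch a non-null `handle` falls through silently and is never passed to `dlclose`. On a build where the stub is not in effect, the mode would load `libc.so.6`, keep it mapped and return normally. Presumably the mode exists to confirm that loading is refused; if so, say that in a comment such as `/// Expected to throw: dlopen is stubbed out in the main binary.` and close the handle on the unexpected path with `else dlclose(handle);`. The enclosing function begins outside the hunk.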