mirror of
https://github.com/ClickHouse/ClickHouse.git
synced 2024-12-11 17:02:25 +00:00
Merge pull request #41429 from ClickHouse/forbid-dlopen-2
Forbid invocations of `dlopen`
This commit is contained in:
commit
32efe6952e
@ -402,6 +402,36 @@ void checkHarmfulEnvironmentVariables(char ** argv)
|
|||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
|
/// Don't allow dlopen in the main ClickHouse binary, because it is harmful and insecure.
|
||||||
|
/// We don't use it. But it can be used by some libraries for implementation of "plugins".
|
||||||
|
/// We absolutely discourage the ancient technique of loading
|
||||||
|
/// 3rd-party uncontrolled dangerous libraries into the process address space,
|
||||||
|
/// because it is insane.
|
||||||
|
|
||||||
|
extern "C"
|
||||||
|
{
|
||||||
|
void * dlopen(const char *, int)
|
||||||
|
{
|
||||||
|
return nullptr;
|
||||||
|
}
|
||||||
|
|
||||||
|
void * dlmopen(long, const char *, int) // NOLINT
|
||||||
|
{
|
||||||
|
return nullptr;
|
||||||
|
}
|
||||||
|
|
||||||
|
int dlclose(void *)
|
||||||
|
{
|
||||||
|
return 0;
|
||||||
|
}
|
||||||
|
|
||||||
|
const char * dlerror()
|
||||||
|
{
|
||||||
|
return "ClickHouse does not allow dynamic library loading";
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
/// This allows to implement assert to forbid initialization of a class in static constructors.
|
/// This allows to implement assert to forbid initialization of a class in static constructors.
|
||||||
/// Usage:
|
/// Usage:
|
||||||
///
|
///
|
||||||
|
@ -14,6 +14,7 @@
|
|||||||
#include <cstdlib>
|
#include <cstdlib>
|
||||||
#include <unistd.h>
|
#include <unistd.h>
|
||||||
#include <sys/mman.h>
|
#include <sys/mman.h>
|
||||||
|
#include <dlfcn.h>
|
||||||
|
|
||||||
|
|
||||||
namespace DB
|
namespace DB
|
||||||
@ -25,6 +26,7 @@ namespace ErrorCodes
|
|||||||
extern const int ILLEGAL_TYPE_OF_ARGUMENT;
|
extern const int ILLEGAL_TYPE_OF_ARGUMENT;
|
||||||
extern const int BAD_ARGUMENTS;
|
extern const int BAD_ARGUMENTS;
|
||||||
extern const int CANNOT_ALLOCATE_MEMORY;
|
extern const int CANNOT_ALLOCATE_MEMORY;
|
||||||
|
extern const int CANNOT_DLOPEN;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
@ -136,7 +138,7 @@ public:
|
|||||||
}
|
}
|
||||||
else if (mode == "access context")
|
else if (mode == "access context")
|
||||||
{
|
{
|
||||||
(void)context.getCurrentQueryId();
|
(void)context->getCurrentQueryId();
|
||||||
}
|
}
|
||||||
else if (mode == "stack overflow")
|
else if (mode == "stack overflow")
|
||||||
{
|
{
|
||||||
@ -166,6 +168,12 @@ public:
|
|||||||
maps.push_back(map);
|
maps.push_back(map);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
else if (mode == "dlopen")
|
||||||
|
{
|
||||||
|
void * handle = dlopen("libc.so.6", RTLD_NOW);
|
||||||
|
if (!handle)
|
||||||
|
throw Exception(ErrorCodes::CANNOT_DLOPEN, "Cannot dlopen: ({})", dlerror()); // NOLINT(concurrency-mt-unsafe) // MT-Safe on Linux, see man dlerror
|
||||||
|
}
|
||||||
else
|
else
|
||||||
throw Exception("Unknown trap mode", ErrorCodes::BAD_ARGUMENTS);
|
throw Exception("Unknown trap mode", ErrorCodes::BAD_ARGUMENTS);
|
||||||
}
|
}
|
||||||
|
Loading…
Reference in New Issue
Block a user