[cap-talk] Plash: the Principle of Least Authority Shell

Mark Seaborn seaborn at cs.jhu.edu
Thu Dec 16 18:43:40 EST 2004


Jed at Webstart <donnelley1 at webstart.com> wrote:

> At 09:13 AM 12/12/2004, Mark Seaborn wrote:
> >Jed at Webstart <donnelley1 at webstart.com> wrote:
> >...
> > > I wonder if Oracle (or perhaps more relevantly commands like
> > > sqlplus) would actually run under Plash?  Hmmm.
> >
> >You can find out what it dynamically links with by running
> >"ldd <executable-pathname>".
> 
> bash-2.05$ which oracle
> /opt/app/oracle/product/9.2.0/bin/oracle
> bash-2.05$ ldd /opt/app/oracle/product/9.2.0/bin/oracle
>          libodm9.so => /opt/app/oracle/product/9.2.0/lib/libodm9.so 
> (0x40018000)
>          libskgxp9.so => /opt/app/oracle/product/9.2.0/lib/libskgxp9.so 
> (0x4001a000)
>          libskgxn9.so => /opt/app/oracle/product/9.2.0/lib/libskgxn9.so 
> (0x4001d000)
>          libjox9.so => /opt/app/oracle/product/9.2.0/lib/libjox9.so 
> (0x40020000)
>          libdl.so.2 => /lib/libdl.so.2 (0x40429000)
>          libm.so.6 => /lib/i686/libm.so.6 (0x4042e000)
>          libpthread.so.0 => /lib/i686/libpthread.so.0 (0x40451000)
>          libnsl.so.1 => /lib/libnsl.so.1 (0x40482000)
>          libc.so.6 => /lib/i686/libc.so.6 (0x40498000)
>          /lib/ld-linux.so.2 => /lib/ld-linux.so.2 (0x40000000)
> bash-2.05$
> 
> Is there any way to tell from the above whether there is something missing
> from the above that would cause a problem?
> 
> It looks like it dynamically loads libc.so.6.  Does that suffice?

There's nothing there that says it won't work.  The main thing is that
it has to link with libc.so.6, the non-TLS version.  (The TLS version
is /lib/tls/libc.so.6.  The New Posix Thread Library (NPTL) uses TLS
(thread local storage), and I haven't tried compiling a version of
libc with TLS or NPTL yet.)

The next question is how the program behaves at runtime.  eg. Some
system calls are not yet implemented in Plash.  If the program expects
to be able to open directories using open(), that's not implemented
either.  I also haven't made my additions to libc thread-safe yet.

There are a couple of bugs in the current version of Plash that mean
it probably won't work.  I've fixed them in a newer version that I'll
release in the next couple of days.

Mark


More information about the cap-talk mailing list