From 46fa1044195ed1e98f3b27cadbad4f8153f7977d Mon Sep 17 00:00:00 2001 From: Ophestra Date: Fri, 14 Nov 2025 21:53:10 +0900 Subject: [PATCH] ldd: require absolute pathname The sandbox which ldd(1) runs in does not inherit parent work directory, so relative pathnames will not work correctly. While it is trivial to support such a use case, the use of relative pathnames is highly error-prone and generally frowned against in this project. The Exec function remains available under the same signature until v0.4.0 where it will be removed. Signed-off-by: Ophestra --- ldd/exec.go | 34 ++++++++++++++++++++++++++-------- ldd/exec_test.go | 5 +++-- 2 files changed, 29 insertions(+), 10 deletions(-) diff --git a/ldd/exec.go b/ldd/exec.go index 959a3f4..bbcf295 100644 --- a/ldd/exec.go +++ b/ldd/exec.go @@ -22,15 +22,21 @@ const ( msgStaticSuffix = ": Not a valid dynamic program" // msgStaticGlibc is a substring of the message printed to stderr by glibc on a statically linked program. msgStaticGlibc = "not a dynamic executable" + + // lddName is the file name of ldd(1) passed to exec.LookPath. + lddName = "ldd" + // lddTimeout is the maximum duration ldd(1) is allowed to ran for before it is terminated. + lddTimeout = 4 * time.Second ) -// Exec runs ldd(1) in a restrictive [container] and connects it to a [Decoder], returning resulting entries. -func Exec(ctx context.Context, msg message.Msg, p string) ([]*Entry, error) { - const ( - lddName = "ldd" - lddTimeout = 4 * time.Second - ) - +// Resolve runs ldd(1) in a strict sandbox and connects its stdout to a [Decoder]. +// +// The returned error has concrete type +// [exec.Error] or [check.AbsoluteError] for fault during lookup of ldd(1), +// [os.SyscallError] for fault creating the stdout pipe, +// [container.StartError] for fault during either stage of container setup. +// Otherwise, it passes through the return values of [Decoder.Decode]. +func Resolve(ctx context.Context, msg message.Msg, pathname *check.Absolute) ([]*Entry, error) { c, cancel := context.WithTimeout(ctx, lddTimeout) defer cancel() @@ -41,7 +47,7 @@ func Exec(ctx context.Context, msg message.Msg, p string) ([]*Entry, error) { return nil, err } - z := container.NewCommand(c, msg, toolPath, lddName, p) + z := container.NewCommand(c, msg, toolPath, lddName, pathname.String()) z.Hostname = "hakurei-" + lddName z.SeccompFlags |= seccomp.AllowMultiarch z.SeccompPresets |= std.PresetStrict @@ -86,3 +92,15 @@ func Exec(ctx context.Context, msg message.Msg, p string) ([]*Entry, error) { } return entries, decodeErr } + +// Exec runs ldd(1) in a restrictive [container] and connects it to a [Decoder], returning resulting entries. +// +// Deprecated: this function takes an unchecked pathname string. +// Relative pathnames do not work in the container as working directory information is not sent. +func Exec(ctx context.Context, msg message.Msg, pathname string) ([]*Entry, error) { + if a, err := check.NewAbs(pathname); err != nil { + return nil, err + } else { + return Resolve(ctx, msg, a) + } +} diff --git a/ldd/exec_test.go b/ldd/exec_test.go index a6d3a7e..8c35a90 100644 --- a/ldd/exec_test.go +++ b/ldd/exec_test.go @@ -7,6 +7,7 @@ import ( "testing" "hakurei.app/container" + "hakurei.app/container/check" "hakurei.app/ldd" "hakurei.app/message" ) @@ -17,7 +18,7 @@ func TestExec(t *testing.T) { t.Run("failure", func(t *testing.T) { t.Parallel() - _, err := ldd.Exec(t.Context(), nil, "/proc/nonexistent") + _, err := ldd.Resolve(t.Context(), nil, check.MustAbs("/proc/nonexistent")) var exitError *exec.ExitError if !errors.As(err, &exitError) { @@ -33,7 +34,7 @@ func TestExec(t *testing.T) { t.Run("success", func(t *testing.T) { msg := message.New(nil) msg.GetLogger().SetPrefix("check: ") - if entries, err := ldd.Exec(t.Context(), nil, container.MustExecutable(msg)); err != nil { + if entries, err := ldd.Resolve(t.Context(), nil, check.MustAbs(container.MustExecutable(msg))); err != nil { t.Fatalf("Exec: error = %v", err) } else if testing.Verbose() { // result cannot be measured here as build information is not known