tech-toolchain archive
Re: RT linker, rpath and security
On Thu, May 11, 2023 at 09:45:07AM -0400, Greg Troxel wrote:
>[...]
> - Examine what pkgsrc is doing already. I would not be surprised to
> find that if a binary gets built with an RPATH outside of pkgsrc
> (and not base X and base base) that this is an error, but maybe only
> in developer mode. This might also surface some interesting data.
FWIW (I have started to work on a utility to check), here is an example
of something that could perhaps be an incentive to look at the problem
more closely:
$ readelf -d /usr/pkg/sbin/visudo | egrep "NEEDED|RPATH"
0x0000000000000001 (NEEDED) Shared library: [libc.so.12]
0x000000000000000f (RPATH) Library rpath: [/usr/pkg/lib]
visudo depends only on the system libc (I'm on NetBSD 9.3) and
loads the dynshared /usr/pkg/libexec/sudo_noexec.so (the full path is
given), but there is still an rpath registered pointing to /usr/pkg/lib.
If a package were to install a libc.so.12 under /usr/pkg/lib, that
one would be used instead of the system one.
This is the kind of "devil in the details" that could be worth looking
at.
--
Thierry Laronde <tlaronde +AT+ polynum +dot+ com>
http://www.kergis.com/
http://kertex.kergis.com/
Key fingerprint = 0FF7 E906 FBAF FE95 FD89 250D 52B1 AE95 6006 F40C
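The kind of check discussed in this message, as an added example (not part of the original post and not the utility the author mentions): it parses `readelf -d` text and reports rpath directories that supply none of the NEEDED libraries, rpath directories outside an allowed set, and rpath directories searched before the place a library currently resolves. The allowed prefixes, the default library directories and the `exists` hook are assumptions, and rpath directories are taken to be searched before the default ones, as the message describes.

```python
import os
import posixpath
import re

# Constructed sample in the shape of the `readelf -d` output quoted above.
SAMPLE = """\
 0x0000000000000001 (NEEDED)  Shared library: [libc.so.12]
 0x000000000000000f (RPATH)   Library rpath: [/usr/pkg/lib]
"""
TAG = re.compile(r"\((NEEDED|RPATH|RUNPATH)\)[^\[\n]*\[([^\]\n]*)\]")
# Assumptions: prefixes accepted in an rpath, and the loader's default dirs.
ALLOWED = ("/usr/pkg", "/usr/X11R7", "/usr/lib", "/lib")
SYSTEM_DIRS = ("/usr/lib", "/lib")

def parse_dynamic(text):
    """Split `readelf -d` text into (needed libraries, rpath directories)."""
    needed, dirs = [], []
    for tag, value in TAG.findall(text):
        if tag == "NEEDED":
            needed.append(value)
        else:
            dirs.extend(value.split(":"))
    return needed, dirs

def under(path, prefix):
    return path == prefix or path.startswith(prefix.rstrip("/") + "/")

def audit(text, exists=os.path.exists):
    """Return sorted findings as (kind, rpath_dir, library_or_None) tuples."""
    needed, dirs = parse_dynamic(text)
    findings = set()
    for d in dirs:
        if not d.startswith("/"):
            findings.add(("relative-rpath", d, None))  # includes empty entries
        elif not any(under(d, a) for a in ALLOWED):
            findings.add(("rpath-outside-allowed", d, None))
        if not any(exists(posixpath.join(d, n)) for n in needed):
            findings.add(("rpath-unused", d, None))
    for n in needed:
        order = dirs + list(SYSTEM_DIRS)  # rpath dirs are tried first
        hit = next((i for i, d in enumerate(order)
                    if exists(posixpath.join(d, n))), None)
        if hit is not None:
            # A same-named file in any earlier rpath dir would be loaded instead.
            findings.update(("shadowable", d, n) for d in dirs[:hit])
    return sorted(findings, key=lambda f: (f[0], f[1], f[2] or ""))

if __name__ == "__main__":
    present = {"/usr/lib/libc.so.12"}  # constructed: only base provides libc
    for finding in audit(SAMPLE, exists=present.__contains__):
        print(finding)
```

On a real system, feed it the output of `readelf -d` for each installed binary and leave `exists` at its default.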