public inbox for glibc-bugs@sourceware.org
help / color / mirror / Atom feed
* [Bug libc/11570] New: RPATH $ORIGIN fails in programs with capabilities set
@ 2010-05-05 13:43 david dot lloyd at redhat dot com
2010-05-05 13:46 ` [Bug libc/11570] " drepper at redhat dot com
0 siblings, 1 reply; 2+ messages in thread
From: david dot lloyd at redhat dot com @ 2010-05-05 13:43 UTC (permalink / raw)
To: glibc-bugs
Executable files with an RPATH which contains $ORIGIN fail to dynamically link
when a capability is set on the file. Rather than replacing $ORIGIN as
expected, the string $ORIGIN is preserved as-is in the search path. The only
workaround I am aware of is to use a program like patchelf to manually expand
the value first.
There is a self-contained test case here:
https://bugs.launchpad.net/ubuntu/+source/glibc/+bug/565002
Also related is this Java bug:
http://bugs.sun.com/bugdatabase/view_bug.do?bug_id=6919633
The common practical difficulty is that this makes it impossible for Java to be
granted CAP_NET_BIND_SERVICE.
--
Summary: RPATH $ORIGIN fails in programs with capabilities set
Product: glibc
Version: 2.10
Status: NEW
Severity: normal
Priority: P2
Component: libc
AssignedTo: drepper at redhat dot com
ReportedBy: david dot lloyd at redhat dot com
CC: glibc-bugs at sources dot redhat dot com
http://sourceware.org/bugzilla/show_bug.cgi?id=11570
------- You are receiving this mail because: -------
You are on the CC list for the bug, or are watching someone who is.
^ permalink raw reply [flat|nested] 2+ messages in thread
* [Bug libc/11570] RPATH $ORIGIN fails in programs with capabilities set
2010-05-05 13:43 [Bug libc/11570] New: RPATH $ORIGIN fails in programs with capabilities set david dot lloyd at redhat dot com
@ 2010-05-05 13:46 ` drepper at redhat dot com
0 siblings, 0 replies; 2+ messages in thread
From: drepper at redhat dot com @ 2010-05-05 13:46 UTC (permalink / raw)
To: glibc-bugs
------- Additional Comments From drepper at redhat dot com 2010-05-05 13:45 -------
That's expected. Don't use $ORIGIN for anything security sensitive.
--
What |Removed |Added
----------------------------------------------------------------------------
Status|NEW |RESOLVED
Resolution| |INVALID
http://sourceware.org/bugzilla/show_bug.cgi?id=11570
------- You are receiving this mail because: -------
You are on the CC list for the bug, or are watching someone who is.
^ permalink raw reply [flat|nested] 2+ messages in thread
end of thread, other threads:[~2010-05-05 13:46 UTC | newest]
Thread overview: 2+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2010-05-05 13:43 [Bug libc/11570] New: RPATH $ORIGIN fails in programs with capabilities set david dot lloyd at redhat dot com
2010-05-05 13:46 ` [Bug libc/11570] " drepper at redhat dot com
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).