From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from fulda116.server4you.de (mister-muffin.de [144.76.155.182]) by sourceware.org (Postfix) with ESMTP id 338BD3856DC3 for ; Wed, 12 Oct 2022 03:50:43 +0000 (GMT) DMARC-Filter: OpenDMARC Filter v1.4.1 sourceware.org 338BD3856DC3 Authentication-Results: sourceware.org; dmarc=none (p=none dis=none) header.from=mister-muffin.de Authentication-Results: sourceware.org; spf=pass smtp.mailfrom=mister-muffin.de Received: from localhost (unknown [31.16.250.235]) by mister-muffin.de (Postfix) with ESMTPSA id CD9F6363 for ; Wed, 12 Oct 2022 05:50:41 +0200 (CEST) DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=mister-muffin.de; s=mail; t=1665546641; bh=qmcZ6K4gJnHgIi/CpIwp4yP9sqnOY8lXoknAmiVn0uI=; h=In-Reply-To:References:Subject:From:To:Date:From; b=V4LLLnyrtfdozmD1VRvCVkFTwp8F5f8Ki+DpGRls7tt9AlsNaKzcBckCRxzwbSg+q 1FaLZY13DFaMO/yWdnSwHXrRixgdR34q++VqQ7lGcR7mV2htWUTpAKM+7BqqCuqPYy AoJHkC7XzDQv4c94CR0nmp50AR9jDksvo47DkMFk= Content-Type: multipart/signed; micalg="pgp-sha512"; protocol="application/pgp-signature"; boundary="===============3999681936070413182==" MIME-Version: 1.0 Content-Disposition: inline In-Reply-To: References: <20221011122053.1005166-1-josch@mister-muffin.de> Subject: Re: [PATCH] ldconfig: create /var/cache/ldconfig also with -r From: Johannes Schauer Marin Rodrigues To: libc-alpha@sourceware.org Date: Wed, 12 Oct 2022 05:50:41 +0200 Message-ID: <166554664124.1096741.9694830335625318209@localhost> User-Agent: alot/0.10 X-Spam-Status: No, score=-13.7 required=5.0 tests=BAYES_00,DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,GIT_PATCH_0,SPF_HELO_NONE,SPF_PASS,TXREP autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on server2.sourceware.org List-Id: --===============3999681936070413182== Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: quoted-printable Quoting Aurelien Jarno (2022-10-11 22:59:33) > On 2022-10-11 14:20, Johannes Schauer Marin Rodrigues wrote: > > Without the -r option, ldconfig creates /var/cache/ldconfig if it didn't > > exist yet. With the -r option, a non-existing /var/cache/ldconfig inside > > the chroot directory will *not* get created because chroot_canon() will > > return NULL if the path doesn't exist. This means that aux_cache_file > > will be set to NULL and save_aux_cache() doesn't get executed at the > > end. So instead of using chroot_canon() to prepending the chroot path, > > combine the paths manually. > > --- > > elf/ldconfig.c | 8 +++++--- > > 1 file changed, 5 insertions(+), 3 deletions(-) > >=20 > > diff --git a/elf/ldconfig.c b/elf/ldconfig.c > > index e6c24e71a4..da76dc31b8 100644 > > --- a/elf/ldconfig.c > > +++ b/elf/ldconfig.c > > @@ -1293,9 +1293,11 @@ main (int argc, char **argv) > > add_system_dir (LIBDIR); > > } > > =20 > > - const char *aux_cache_file =3D _PATH_LDCONFIG_AUX_CACHE; > > - if (opt_chroot !=3D NULL) > > - aux_cache_file =3D chroot_canon (opt_chroot, aux_cache_file); > > + char *aux_cache_file =3D (char *)(_PATH_LDCONFIG_AUX_CACHE); > > + if (opt_chroot !=3D NULL) { > > + aux_cache_file =3D alloca (strlen (opt_chroot) + strlen (_PATH_LDC= ONFIG_AUX_CACHE) + 2); > > + sprintf (aux_cache_file, "%s/%s", opt_chroot, _PATH_LDCONFIG_AUX_C= ACHE); > > + } >=20 > This drops the use chroot_canon() call. I am afraid it might allows one > to "escape" the "chroot". Imagine that /var/cache/ldconfig is a symlink > pointing outside of the opt_chroot. This code path (opt_chroot being NULL) is only reached if -r was specified = and the chroot() call didn't succeed. This happens, for example, when the user = uses fakeroot. So one can argue that: - escaping the "chroot" is not harmful because there were no sufficient permissions to chroot() in the first place - the user is running ldconfig in a non-default environment where I think = they might be expected to keep the pieces > To avoid changing the code too much, one way could be to call > chroot_canon(opt_chroot, "/var/cache/ldconfig") and concatenate the result > with "aux-cache". Calling chroot_canon(opt_chroot, "/var/cache/ldconfig") will still return N= ULL because /var/cache/ldconfig might not exist inside the -r directory. Doing = so would also ignore the setting of _PATH_LDCONFIG_AUX_CACHE. Maybe what would be done to prevent the "escaping" was to first call the original chroot_canon(opt_chroot, aux_cache_file) and, if the result is NUL= L, concatenate the paths manually instead? Thanks! cheers, josch --===============3999681936070413182== MIME-Version: 1.0 Content-Transfer-Encoding: 7bit Content-Description: signature Content-Type: application/pgp-signature; name="signature.asc"; charset="us-ascii" -----BEGIN PGP SIGNATURE----- iQIzBAABCgAdFiEElFhU6KL81LF4wVq58sulx4+9g+EFAmNGOY4ACgkQ8sulx4+9 g+EflQ//dNU9YOy04jhqCcNhsDG4F+mxhYwMZ1LLl7Hytz/JKRMlqkk3LD8UqC85 CxX02EeesgfZcJMdgzqvr28AsyRQsqCW/QJluzGiNYiRlJ44PKEJQaUgvAgoSKvA rOv8344BX/4x8FV9T6vs1UfHNOmxVbcq7MsCEzKSv0oSQdipUL1Hw5fp03DvoAaK mppw3T4drbT9gubB40crsDiwuMW2Mz/ebPOlJTKAcg1ebPF/VgYjukMycxx0EF1N LuYjYTTqgKRcADUvcaVJWTXvQSsytjIK07ppx01zgjBFYvvDc0N8kEM2Yjux1368 LxqSGz4j6CmosAu+IqVt0DpfVd7mBr5+y/CaquZbbdCOBl9qdc+7VJ4TlJYXdbMm Fqv3+RlocfsGMZu0vhQzradsYTtCXNWLKJsijxPIm8ybXzrJkY1KN8MKxF8jTCDy 9GY+fTSSA0J/wreZi5pGWJc1OZEdZJVZSDaNBs6ZWRXcwZp+jrtJ3gZ6rzOVGn5F uCag33xjNSzzHu4YaGzGwu0M4KGXGHp6zSoqJvoC+oLK8mgne9I6t6nZUY+15nUt qEx9+1JN6+E6XJpizaJxTubxs45gdaQfUg7G2JXdFMe8p3aPk/PtfxtFZIq8mj7m 6WwjOsdhL2xlxF7eql0gqxpHOv10ZbjldpPVaonCEEP9QlJrivU= =KwAa -----END PGP SIGNATURE----- --===============3999681936070413182==--