* [PATCH] tst-setuid1-static-ENV: Add $(common-objpfx)nss [BZ #26820]
@ 2020-10-30 22:36 H.J. Lu
2020-11-02 12:57 ` Florian Weimer
0 siblings, 1 reply; 5+ messages in thread
From: H.J. Lu @ 2020-10-30 22:36 UTC (permalink / raw)
To: libc-alpha; +Cc: Florian Weimer
commit def674652eeac60c386d04733318b311f8a5b620
Author: Florian Weimer <fweimer@redhat.com>
Date: Mon Apr 27 15:00:14 2020 +0200
nptl/tst-setuid1-static: Improve isolation from system objects
Static dlopen needs an LD_LIBRARY_PATH setting to avoid loading system
libraries.
missed $(common-objpfx)nss. Add $(common-objpfx)nss to LD_LIBRARY_PATH
for tst-setuid1-static to support
struct passwd *pwd = getpwnam ("nobody");
in nptl/tst-setuid1.c.
---
nptl/Makefile | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/nptl/Makefile b/nptl/Makefile
index d47e8a81d9..f4134916b2 100644
--- a/nptl/Makefile
+++ b/nptl/Makefile
@@ -614,7 +614,7 @@ tst-audit-threads-ENV = LD_AUDIT=$(objpfx)tst-audit-threads-mod1.so
# The test uses dlopen indirectly and would otherwise load system
# objects.
tst-setuid1-static-ENV = \
- LD_LIBRARY_PATH=$(objpfx):$(common-objpfx):$(common-objpfx)elf
+ LD_LIBRARY_PATH=$(objpfx):$(common-objpfx):$(common-objpfx)elf:$(common-objpfx)nss
# The tests here better do not run in parallel.
ifeq ($(run-built-tests),yes)
--
2.28.0
^ permalink raw reply [flat|nested] 5+ messages in thread
* Re: [PATCH] tst-setuid1-static-ENV: Add $(common-objpfx)nss [BZ #26820]
2020-10-30 22:36 [PATCH] tst-setuid1-static-ENV: Add $(common-objpfx)nss [BZ #26820] H.J. Lu
@ 2020-11-02 12:57 ` Florian Weimer
2020-11-02 19:10 ` H.J. Lu
0 siblings, 1 reply; 5+ messages in thread
From: Florian Weimer @ 2020-11-02 12:57 UTC (permalink / raw)
To: H.J. Lu; +Cc: libc-alpha
* H. J. Lu:
> commit def674652eeac60c386d04733318b311f8a5b620
> Author: Florian Weimer <fweimer@redhat.com>
> Date: Mon Apr 27 15:00:14 2020 +0200
>
> nptl/tst-setuid1-static: Improve isolation from system objects
>
> Static dlopen needs an LD_LIBRARY_PATH setting to avoid loading system
> libraries.
>
> missed $(common-objpfx)nss. Add $(common-objpfx)nss to LD_LIBRARY_PATH
> for tst-setuid1-static to support
>
> struct passwd *pwd = getpwnam ("nobody");
>
> in nptl/tst-setuid1.c.
> ---
> nptl/Makefile | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/nptl/Makefile b/nptl/Makefile
> index d47e8a81d9..f4134916b2 100644
> --- a/nptl/Makefile
> +++ b/nptl/Makefile
> @@ -614,7 +614,7 @@ tst-audit-threads-ENV = LD_AUDIT=$(objpfx)tst-audit-threads-mod1.so
> # The test uses dlopen indirectly and would otherwise load system
> # objects.
> tst-setuid1-static-ENV = \
> - LD_LIBRARY_PATH=$(objpfx):$(common-objpfx):$(common-objpfx)elf
> + LD_LIBRARY_PATH=$(objpfx):$(common-objpfx):$(common-objpfx)elf:$(common-objpfx)nss
>
> # The tests here better do not run in parallel.
> ifeq ($(run-built-tests),yes)
This looks incompletely to me still. nptl/tst-setuid1.c needs a a call
to __nss_configure_lookup, to avoid picking up system NSS modules via
/etc/nsswitch.conf.
Thanks,
Florian
--
Red Hat GmbH, https://de.redhat.com/ , Registered seat: Grasbrunn,
Commercial register: Amtsgericht Muenchen, HRB 153243,
Managing Directors: Charles Cachera, Brian Klemm, Laurie Krebs, Michael O'Neill
^ permalink raw reply [flat|nested] 5+ messages in thread
* Re: [PATCH] tst-setuid1-static-ENV: Add $(common-objpfx)nss [BZ #26820]
2020-11-02 12:57 ` Florian Weimer
@ 2020-11-02 19:10 ` H.J. Lu
2020-11-03 18:02 ` Florian Weimer
0 siblings, 1 reply; 5+ messages in thread
From: H.J. Lu @ 2020-11-02 19:10 UTC (permalink / raw)
To: Florian Weimer; +Cc: GNU C Library
On Mon, Nov 2, 2020 at 4:57 AM Florian Weimer <fweimer@redhat.com> wrote:
>
> * H. J. Lu:
>
> > commit def674652eeac60c386d04733318b311f8a5b620
> > Author: Florian Weimer <fweimer@redhat.com>
> > Date: Mon Apr 27 15:00:14 2020 +0200
> >
> > nptl/tst-setuid1-static: Improve isolation from system objects
> >
> > Static dlopen needs an LD_LIBRARY_PATH setting to avoid loading system
> > libraries.
> >
> > missed $(common-objpfx)nss. Add $(common-objpfx)nss to LD_LIBRARY_PATH
> > for tst-setuid1-static to support
> >
> > struct passwd *pwd = getpwnam ("nobody");
> >
> > in nptl/tst-setuid1.c.
> > ---
> > nptl/Makefile | 2 +-
> > 1 file changed, 1 insertion(+), 1 deletion(-)
> >
> > diff --git a/nptl/Makefile b/nptl/Makefile
> > index d47e8a81d9..f4134916b2 100644
> > --- a/nptl/Makefile
> > +++ b/nptl/Makefile
> > @@ -614,7 +614,7 @@ tst-audit-threads-ENV = LD_AUDIT=$(objpfx)tst-audit-threads-mod1.so
> > # The test uses dlopen indirectly and would otherwise load system
> > # objects.
> > tst-setuid1-static-ENV = \
> > - LD_LIBRARY_PATH=$(objpfx):$(common-objpfx):$(common-objpfx)elf
> > + LD_LIBRARY_PATH=$(objpfx):$(common-objpfx):$(common-objpfx)elf:$(common-objpfx)nss
> >
> > # The tests here better do not run in parallel.
> > ifeq ($(run-built-tests),yes)
>
> This looks incompletely to me still. nptl/tst-setuid1.c needs a a call
> to __nss_configure_lookup, to avoid picking up system NSS modules via
> /etc/nsswitch.conf.
>
This will hide:
https://sourceware.org/bugzilla/show_bug.cgi?id=26825
I'd like to get it fixed first.
--
H.J.
^ permalink raw reply [flat|nested] 5+ messages in thread
* Re: [PATCH] tst-setuid1-static-ENV: Add $(common-objpfx)nss [BZ #26820]
2020-11-02 19:10 ` H.J. Lu
@ 2020-11-03 18:02 ` Florian Weimer
2020-11-03 20:00 ` H.J. Lu
0 siblings, 1 reply; 5+ messages in thread
From: Florian Weimer @ 2020-11-03 18:02 UTC (permalink / raw)
To: H.J. Lu; +Cc: GNU C Library
* H. J. Lu:
> On Mon, Nov 2, 2020 at 4:57 AM Florian Weimer <fweimer@redhat.com> wrote:
>>
>> * H. J. Lu:
>>
>> > commit def674652eeac60c386d04733318b311f8a5b620
>> > Author: Florian Weimer <fweimer@redhat.com>
>> > Date: Mon Apr 27 15:00:14 2020 +0200
>> >
>> > nptl/tst-setuid1-static: Improve isolation from system objects
>> >
>> > Static dlopen needs an LD_LIBRARY_PATH setting to avoid loading system
>> > libraries.
>> >
>> > missed $(common-objpfx)nss. Add $(common-objpfx)nss to LD_LIBRARY_PATH
>> > for tst-setuid1-static to support
>> >
>> > struct passwd *pwd = getpwnam ("nobody");
>> >
>> > in nptl/tst-setuid1.c.
>> > ---
>> > nptl/Makefile | 2 +-
>> > 1 file changed, 1 insertion(+), 1 deletion(-)
>> >
>> > diff --git a/nptl/Makefile b/nptl/Makefile
>> > index d47e8a81d9..f4134916b2 100644
>> > --- a/nptl/Makefile
>> > +++ b/nptl/Makefile
>> > @@ -614,7 +614,7 @@ tst-audit-threads-ENV = LD_AUDIT=$(objpfx)tst-audit-threads-mod1.so
>> > # The test uses dlopen indirectly and would otherwise load system
>> > # objects.
>> > tst-setuid1-static-ENV = \
>> > - LD_LIBRARY_PATH=$(objpfx):$(common-objpfx):$(common-objpfx)elf
>> > + LD_LIBRARY_PATH=$(objpfx):$(common-objpfx):$(common-objpfx)elf:$(common-objpfx)nss
>> >
>> > # The tests here better do not run in parallel.
>> > ifeq ($(run-built-tests),yes)
>>
>> This looks incompletely to me still. nptl/tst-setuid1.c needs a a call
>> to __nss_configure_lookup, to avoid picking up system NSS modules via
>> /etc/nsswitch.conf.
>>
>
> This will hide:
>
> https://sourceware.org/bugzilla/show_bug.cgi?id=26825
>
> I'd like to get it fixed first.
Okay, in this case, the patch is okay as posted.
I suspect bug 26825 may not be easy to fix.
Thanks,
Florian
--
Red Hat GmbH, https://de.redhat.com/ , Registered seat: Grasbrunn,
Commercial register: Amtsgericht Muenchen, HRB 153243,
Managing Directors: Charles Cachera, Brian Klemm, Laurie Krebs, Michael O'Neill
^ permalink raw reply [flat|nested] 5+ messages in thread
* Re: [PATCH] tst-setuid1-static-ENV: Add $(common-objpfx)nss [BZ #26820]
2020-11-03 18:02 ` Florian Weimer
@ 2020-11-03 20:00 ` H.J. Lu
0 siblings, 0 replies; 5+ messages in thread
From: H.J. Lu @ 2020-11-03 20:00 UTC (permalink / raw)
To: Florian Weimer; +Cc: GNU C Library
On Tue, Nov 3, 2020 at 10:02 AM Florian Weimer <fweimer@redhat.com> wrote:
>
> * H. J. Lu:
>
> > On Mon, Nov 2, 2020 at 4:57 AM Florian Weimer <fweimer@redhat.com> wrote:
> >>
> >> * H. J. Lu:
> >>
> >> > commit def674652eeac60c386d04733318b311f8a5b620
> >> > Author: Florian Weimer <fweimer@redhat.com>
> >> > Date: Mon Apr 27 15:00:14 2020 +0200
> >> >
> >> > nptl/tst-setuid1-static: Improve isolation from system objects
> >> >
> >> > Static dlopen needs an LD_LIBRARY_PATH setting to avoid loading system
> >> > libraries.
> >> >
> >> > missed $(common-objpfx)nss. Add $(common-objpfx)nss to LD_LIBRARY_PATH
> >> > for tst-setuid1-static to support
> >> >
> >> > struct passwd *pwd = getpwnam ("nobody");
> >> >
> >> > in nptl/tst-setuid1.c.
> >> > ---
> >> > nptl/Makefile | 2 +-
> >> > 1 file changed, 1 insertion(+), 1 deletion(-)
> >> >
> >> > diff --git a/nptl/Makefile b/nptl/Makefile
> >> > index d47e8a81d9..f4134916b2 100644
> >> > --- a/nptl/Makefile
> >> > +++ b/nptl/Makefile
> >> > @@ -614,7 +614,7 @@ tst-audit-threads-ENV = LD_AUDIT=$(objpfx)tst-audit-threads-mod1.so
> >> > # The test uses dlopen indirectly and would otherwise load system
> >> > # objects.
> >> > tst-setuid1-static-ENV = \
> >> > - LD_LIBRARY_PATH=$(objpfx):$(common-objpfx):$(common-objpfx)elf
> >> > + LD_LIBRARY_PATH=$(objpfx):$(common-objpfx):$(common-objpfx)elf:$(common-objpfx)nss
> >> >
> >> > # The tests here better do not run in parallel.
> >> > ifeq ($(run-built-tests),yes)
> >>
> >> This looks incompletely to me still. nptl/tst-setuid1.c needs a a call
> >> to __nss_configure_lookup, to avoid picking up system NSS modules via
> >> /etc/nsswitch.conf.
> >>
> >
> > This will hide:
> >
> > https://sourceware.org/bugzilla/show_bug.cgi?id=26825
> >
> > I'd like to get it fixed first.
>
> Okay, in this case, the patch is okay as posted.
I will check it in.
> I suspect bug 26825 may not be easy to fix.
>
It looks like it. Fortunately, it only impacts dlopen failures in
static executables.
Thanks.
--
H.J.
^ permalink raw reply [flat|nested] 5+ messages in thread
end of thread, other threads:[~2020-11-03 20:01 UTC | newest]
Thread overview: 5+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2020-10-30 22:36 [PATCH] tst-setuid1-static-ENV: Add $(common-objpfx)nss [BZ #26820] H.J. Lu
2020-11-02 12:57 ` Florian Weimer
2020-11-02 19:10 ` H.J. Lu
2020-11-03 18:02 ` Florian Weimer
2020-11-03 20:00 ` H.J. Lu
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).