* build initramfs: uncontrolled LD_LIBRARY_PATH
@ 2011-08-19 3:48 John Reiser
From: John Reiser @ 2011-08-19 3:48 UTC
To: initramfs-u79uwXL29TY76Z2rM5mHXA

dracut uses ldd when building an initramfs, but I cannot find where
dracut controls LD_LIBRARY_PATH during the build. Thus I do not trust
the results of ldd. The string "LD_LIBRARY_PATH" does not appear
in the dracut source tree, there is no use of "env -i", dracut is
not setuid, etc.

At a minimum, the built initramfs could fail to satisfy some DT_NEEDED
entry during boot, leading to a crash. Some soname was satisfied by
a library in a non-standard directory on the build-time LD_LIBRARY_PATH,
and was copied into that non-standard directory of the initramfs, but is
not findable using the boot-time (default standard) path list.

That might be the worst, because all users of the initramfs (namely:
booting only) do control LD_LIBRARY_PATH, so there might be "no possibility"
of substituting an actual non-standard library. However, it would be
safer to control LD_LIBRARY_PATH while building initramfs, or at least
document why not.
* Re: build initramfs: uncontrolled LD_LIBRARY_PATH
From: Harald Hoyer @ 2011-08-19 6:07 UTC
To: John Reiser; +Cc: initramfs-u79uwXL29TY76Z2rM5mHXA

On 19.08.2011 05:48, John Reiser wrote:
> dracut uses ldd when building an initramfs, but I cannot find where
> dracut controls LD_LIBRARY_PATH during the build. Thus I do not trust
> the results of ldd. The string "LD_LIBRARY_PATH" does not appear
> in the dracut source tree, there is no use of "env -i", dracut is
> not setuid, etc.
>
> At a minimum, the built initramfs could fail to satisfy some DT_NEEDED
> entry during boot, leading to a crash. Some soname was satisfied by
> a library in a non-standard directory on the build-time LD_LIBRARY_PATH,
> and was copied into that non-standard directory of the initramfs, but is
> not findable using the boot-time (default standard) path list.
>
> That might be the worst, because all users of the initramfs (namely:
> booting only) do control LD_LIBRARY_PATH, so there might be "no possibility"
> of substituting an actual non-standard library. However, it would be
> safer to control LD_LIBRARY_PATH while building initramfs, or at least
> document why not.
>

good find!

diff --git a/dracut b/dracut index cf27b23..dfa71a1 100755 --- a/dracut +++ b/dracut @@ -265,6 +265,7 @@ fi PATH=/sbin:/bin:/usr/sbin:/usr/bin export PATH +unset LD_LIBRARY_PATH [[ $debug ]] && { export PS4='${BASH_SOURCE}@${LINENO}(${FUNCNAME[0]}): ';
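Review bot: the added `unset LD_LIBRARY_PATH` after `export PATH` clears only one of the dynamic-loader variables the script inherits from its caller; LD_PRELOAD also changes what ldd reports and is still passed through. Suggest adding `unset LD_PRELOAD` on the next line, with a one-line comment saying both are cleared so that ldd resolves libraries during the build the same way the booted initramfs will.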
* Re: build initramfs: uncontrolled LD_LIBRARY_PATH
From: John Reiser @ 2011-08-19 16:18 UTC
To: initramfs-u79uwXL29TY76Z2rM5mHXA

> --- a/dracut > +++ b/dracut > @@ -265,6 +265,7 @@ fi > > PATH=/sbin:/bin:/usr/sbin:/usr/bin > export PATH > +unset LD_LIBRARY_PATH

Also unset LD_PRELOAD, although it's not quite as bad as LD_LIBRARY_PATH.
[See "LD_PRELOAD=/lib64/libreadline.so.6 ldd /bin/date".]
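The concern raised in this thread, as an added example that is not part of the original messages or of dracut: a build-time check that runs ldd with a scrubbed environment and flags resolved libraries outside the standard directories. The function names, the directory list and the sample ldd output are assumptions constructed for illustration.

```bash
#!/usr/bin/env bash
# Added example, not dracut code. Names and the directory list are assumptions.

# Directories treated as the loader's default search path (assumed; adjust per distro).
STD_LIB_DIRS="/lib /lib64 /usr/lib /usr/lib64"

# Run ldd with an empty environment so the caller's LD_LIBRARY_PATH and
# LD_PRELOAD cannot influence which libraries are resolved.
clean_ldd() {
    env -i PATH=/sbin:/bin:/usr/sbin:/usr/bin ldd "$1"
}

# Read ldd output on stdin and print each resolved path outside STD_LIB_DIRS.
# Returns 0 when every resolved path is standard, 1 otherwise.
nonstandard_libs() {
    local line path dir ok found=0
    while read -r line; do               # default IFS strips leading whitespace
        case $line in
            *" => /"*) path=${line#*" => "} ;;   # soname => /path (addr)
            /*)        path=$line ;;             # preloaded library or interpreter
            *)         continue ;;               # vdso, "not found", static binary
        esac
        path=${path%% "("*}              # drop the trailing load address
        ok=0
        for dir in $STD_LIB_DIRS; do
            case $path in "$dir"/*) ok=1 ;; esac
        done
        if [ "$ok" -eq 0 ]; then printf '%s\n' "$path"; found=1; fi
    done
    [ "$found" -eq 0 ]
}

# Check one binary the way a build script could before copying its libraries.
check_binary() {
    clean_ldd "$1" | nonstandard_libs
}

# Constructed ldd output, as it could look with LD_LIBRARY_PATH and LD_PRELOAD set.
SAMPLE_LDD_OUTPUT='    linux-vdso.so.1 (0x00007ffd0b5f2000)
    /opt/local/lib/libextra.so (0x00007f3a1c400000)
    libfoo.so.1 => /opt/vendor/lib/libfoo.so.1 (0x00007f3a1c200000)
    libc.so.6 => /lib64/libc.so.6 (0x00007f3a1be00000)
    libbar.so.2 => not found
    /lib64/ld-linux-x86-64.so.2 (0x00007f3a1c600000)'

printf '%s\n' "$SAMPLE_LDD_OUTPUT" | nonstandard_libs \
    || echo "paths above were resolved outside the standard library directories" >&2
```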