* Exported symbols removed in 2.5.2
@ 2016-05-03 15:04 Laurent Bigonville
2016-05-03 15:10 ` Steve Grubb
0 siblings, 1 reply; 4+ messages in thread
From: Laurent Bigonville @ 2016-05-03 15:04 UTC (permalink / raw)
To: linux-audit
Hello,
In debian, during the build of a package, we have a tool checking if
symbols are removed from shared librearies.
With the 2.5.2 release, I get the following output:
--- debian/libauparse0.symbols (libauparse0_1:2.5.2-1_amd64)
+++ dpkg-gensymbolsmB_9P2 2016-05-03 15:01:10.606713310 +0000
@@ -1,7 +1,7 @@
libauparse.so.0 libauparse0 #MINVER#
au_terminate_all_events@Base 1:2.5.1
- audit_strsplit@Base 1:2.4.2
- audit_strsplit_r@Base 1:2.4.2
+#MISSING: 1:2.5.2-1# audit_strsplit@Base 1:2.4.2
+#MISSING: 1:2.5.2-1# audit_strsplit_r@Base 1:2.4.2
auparse_add_callback@Base 1:2.2.1
auparse_destroy@Base 1:2.2.1
auparse_do_interpretation@Base 1:2.3.1
@@ -49,4 +49,4 @@
ausearch_clear@Base 1:2.2.1
ausearch_next_event@Base 1:2.2.1
ausearch_set_stop@Base 1:2.2.1
- set_escape_mode@Base 1:2.4.4
+#MISSING: 1:2.5.2-1# set_escape_mode@Base 1:2.4.4
dpkg-gensymbols: warning: some symbols or patterns disappeared in the
symbols file: see diff output below
dpkg-gensymbols: warning: debian/libaudit1/DEBIAN/symbols doesn't match
completely debian/libaudit1.symbols
--- debian/libaudit1.symbols (libaudit1_1:2.5.2-1_amd64)
+++ dpkg-gensymbolsQATT_C 2016-05-03 15:01:10.802717308 +0000
@@ -56,7 +56,7 @@
audit_rule_syscall_data@Base 1:2.2.1
audit_rule_syscallbyname_data@Base 1:2.2.1
audit_send@Base 1:2.2.1
- audit_send_user_message@Base 1:2.2.1
+#MISSING: 1:2.5.2-1# audit_send_user_message@Base 1:2.2.1
audit_set_backlog_limit@Base 1:2.2.1
audit_set_backlog_wait_time@Base 1:2.4.2
audit_set_enabled@Base 1:2.2.1
Is that expected that these 4 symbols have been removed?
Cheers,
Laurent Bigonville
^ permalink raw reply [flat|nested] 4+ messages in thread
* Re: Exported symbols removed in 2.5.2
2016-05-03 15:04 Exported symbols removed in 2.5.2 Laurent Bigonville
@ 2016-05-03 15:10 ` Steve Grubb
2016-05-03 15:15 ` Laurent Bigonville
0 siblings, 1 reply; 4+ messages in thread
From: Steve Grubb @ 2016-05-03 15:10 UTC (permalink / raw)
To: linux-audit
On Tuesday, May 03, 2016 05:04:04 PM Laurent Bigonville wrote:
> Hello,
>
> In debian, during the build of a package, we have a tool checking if
> symbols are removed from shared librearies.
>
> With the 2.5.2 release, I get the following output:
>
> --- debian/libauparse0.symbols (libauparse0_1:2.5.2-1_amd64)
> +++ dpkg-gensymbolsmB_9P2 2016-05-03 15:01:10.606713310 +0000
> @@ -1,7 +1,7 @@
> libauparse.so.0 libauparse0 #MINVER#
> au_terminate_all_events@Base 1:2.5.1
> - audit_strsplit@Base 1:2.4.2
> - audit_strsplit_r@Base 1:2.4.2
> +#MISSING: 1:2.5.2-1# audit_strsplit@Base 1:2.4.2
> +#MISSING: 1:2.5.2-1# audit_strsplit_r@Base 1:2.4.2
> auparse_add_callback@Base 1:2.2.1
> auparse_destroy@Base 1:2.2.1
> auparse_do_interpretation@Base 1:2.3.1
> @@ -49,4 +49,4 @@
> ausearch_clear@Base 1:2.2.1
> ausearch_next_event@Base 1:2.2.1
> ausearch_set_stop@Base 1:2.2.1
> - set_escape_mode@Base 1:2.4.4
> +#MISSING: 1:2.5.2-1# set_escape_mode@Base 1:2.4.4
> dpkg-gensymbols: warning: some symbols or patterns disappeared in the
> symbols file: see diff output below
> dpkg-gensymbols: warning: debian/libaudit1/DEBIAN/symbols doesn't match
> completely debian/libaudit1.symbols
> --- debian/libaudit1.symbols (libaudit1_1:2.5.2-1_amd64)
> +++ dpkg-gensymbolsQATT_C 2016-05-03 15:01:10.802717308 +0000
> @@ -56,7 +56,7 @@
> audit_rule_syscall_data@Base 1:2.2.1
> audit_rule_syscallbyname_data@Base 1:2.2.1
> audit_send@Base 1:2.2.1
> - audit_send_user_message@Base 1:2.2.1
> +#MISSING: 1:2.5.2-1# audit_send_user_message@Base 1:2.2.1
> audit_set_backlog_limit@Base 1:2.2.1
> audit_set_backlog_wait_time@Base 1:2.4.2
> audit_set_enabled@Base 1:2.2.1
>
> Is that expected that these 4 symbols have been removed?
Yes. This corresponds to the changelog entry:
- Revise function hiding technique to better protect audit ABI
All functions missing are internal to the audit libraries and could cause
symbols collisions or worse if people start using them even though they are
not declared in the library headers.
-Steve
^ permalink raw reply [flat|nested] 4+ messages in thread
* Re: Exported symbols removed in 2.5.2
2016-05-03 15:10 ` Steve Grubb
@ 2016-05-03 15:15 ` Laurent Bigonville
2016-05-03 16:33 ` Steve Grubb
0 siblings, 1 reply; 4+ messages in thread
From: Laurent Bigonville @ 2016-05-03 15:15 UTC (permalink / raw)
To: Steve Grubb, linux-audit
Le 03/05/16 à 17:10, Steve Grubb a écrit :
> On Tuesday, May 03, 2016 05:04:04 PM Laurent Bigonville wrote:
>> Hello,
>>
>> In debian, during the build of a package, we have a tool checking if
>> symbols are removed from shared librearies.
>>
>> With the 2.5.2 release, I get the following output:
>>
>> --- debian/libauparse0.symbols (libauparse0_1:2.5.2-1_amd64)
>> +++ dpkg-gensymbolsmB_9P2 2016-05-03 15:01:10.606713310 +0000
>> @@ -1,7 +1,7 @@
>> libauparse.so.0 libauparse0 #MINVER#
>> au_terminate_all_events@Base 1:2.5.1
>> - audit_strsplit@Base 1:2.4.2
>> - audit_strsplit_r@Base 1:2.4.2
>> +#MISSING: 1:2.5.2-1# audit_strsplit@Base 1:2.4.2
>> +#MISSING: 1:2.5.2-1# audit_strsplit_r@Base 1:2.4.2
>> auparse_add_callback@Base 1:2.2.1
>> auparse_destroy@Base 1:2.2.1
>> auparse_do_interpretation@Base 1:2.3.1
>> @@ -49,4 +49,4 @@
>> ausearch_clear@Base 1:2.2.1
>> ausearch_next_event@Base 1:2.2.1
>> ausearch_set_stop@Base 1:2.2.1
>> - set_escape_mode@Base 1:2.4.4
>> +#MISSING: 1:2.5.2-1# set_escape_mode@Base 1:2.4.4
>> dpkg-gensymbols: warning: some symbols or patterns disappeared in the
>> symbols file: see diff output below
>> dpkg-gensymbols: warning: debian/libaudit1/DEBIAN/symbols doesn't match
>> completely debian/libaudit1.symbols
>> --- debian/libaudit1.symbols (libaudit1_1:2.5.2-1_amd64)
>> +++ dpkg-gensymbolsQATT_C 2016-05-03 15:01:10.802717308 +0000
>> @@ -56,7 +56,7 @@
>> audit_rule_syscall_data@Base 1:2.2.1
>> audit_rule_syscallbyname_data@Base 1:2.2.1
>> audit_send@Base 1:2.2.1
>> - audit_send_user_message@Base 1:2.2.1
>> +#MISSING: 1:2.5.2-1# audit_send_user_message@Base 1:2.2.1
>> audit_set_backlog_limit@Base 1:2.2.1
>> audit_set_backlog_wait_time@Base 1:2.4.2
>> audit_set_enabled@Base 1:2.2.1
>>
>> Is that expected that these 4 symbols have been removed?
> Yes. This corresponds to the changelog entry:
>
> - Revise function hiding technique to better protect audit ABI
>
> All functions missing are internal to the audit libraries and could cause
> symbols collisions or worse if people start using them even though they are
> not declared in the library headers.
In the private.h header file, I can see the following comment:
// This is the main messaging function used internally
// Don't hide it, it used to be a part of the public API!
extern int audit_send_user_message(int fd, int type, hide_t hide_err,
const char *message);
So doesn't this warrant a soname bump then?
^ permalink raw reply [flat|nested] 4+ messages in thread
* Re: Exported symbols removed in 2.5.2
2016-05-03 15:15 ` Laurent Bigonville
@ 2016-05-03 16:33 ` Steve Grubb
0 siblings, 0 replies; 4+ messages in thread
From: Steve Grubb @ 2016-05-03 16:33 UTC (permalink / raw)
To: Laurent Bigonville; +Cc: linux-audit
On Tuesday, May 03, 2016 05:15:01 PM Laurent Bigonville wrote:
> >> +#MISSING: 1:2.5.2-1# audit_send_user_message@Base 1:2.2.1
> >>
> >> audit_set_backlog_limit@Base 1:2.2.1
> >> audit_set_backlog_wait_time@Base 1:2.4.2
> >> audit_set_enabled@Base 1:2.2.1
> >>
> >> Is that expected that these 4 symbols have been removed?
> >
> > Yes. This corresponds to the changelog entry:
> >
> > - Revise function hiding technique to better protect audit ABI
> >
> > All functions missing are internal to the audit libraries and could cause
> > symbols collisions or worse if people start using them even though they
> > are
> > not declared in the library headers.
>
> In the private.h header file, I can see the following comment:
>
> // This is the main messaging function used internally
> // Don't hide it, it used to be a part of the public API!
> extern int audit_send_user_message(int fd, int type, hide_t hide_err,
> const char *message);
>
> So doesn't this warrant a soname bump then?
The answer is not simple. It was a hidden symbol:
hidden_proto(audit_send_user_message);
But I noticed that this broke at some point because it was hidden in old
releases but then suddenly started being visible. There has been no changes in
the hiding technique since the 1.2 release. My guess is that something changed
in gcc somewhere along the way that broke the hiding technique from Ulrich
Drepper's DSO programming guidelines.
The function was part of the public API in the 1.0.16 release. It was
deprecated/hidden in the 1.2 release which dates to 7-Apr 2006. Its been about
10 years that the function prototype has not been in libaudit.h. I would hope
that a missing prototype message would have been reported and fixed in the last
10 years. I have personally fixed use of the symbol in everything I know of 10
years ago.
The only problem people would have is in very old utilities they wrote a long
time ago, or very old versions of shadow-utils/pam. I wrote a script that
looks for that symbol in all elf files. I have to test on RHEL 4 to find the
symbol in any programs. So, I think you have a valid concern, but its been so
long that in practice it has worked itself out.
-Steve
^ permalink raw reply [flat|nested] 4+ messages in thread
end of thread, other threads:[~2016-05-03 16:33 UTC | newest]
Thread overview: 4+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2016-05-03 15:04 Exported symbols removed in 2.5.2 Laurent Bigonville
2016-05-03 15:10 ` Steve Grubb
2016-05-03 15:15 ` Laurent Bigonville
2016-05-03 16:33 ` Steve Grubb
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).