First Last Prev Next    No search results available      Search page      Enter new bug
Bug#: 71609
Alias:
Product:
Component:
Status: RESOLVED
Resolution: WONTFIX
Assigned To: Gentoo Toolchain Maintainers <toolchain@gentoo.org>
Hardware:
OS:
Version:
Priority:
Severity:
Reporter: BlaisorBlade <blaisorblade_spam@yahoo.it>
Add CC:
CC:
Remove selected CCs
URL:
Summary:
Status Whiteboard:
Keywords:

Filename Description Type Creator Created Size Actions
setuid-bind-now.patch setuid-bind-now.patch patch SpanKY 2006-04-24 23:11 0000 955 bytes Details | Diff
Create a New Attachment (proposed patch, testcase, etc.) View All

Bug 71609 depends on: Show dependency tree
Bug 71609 blocks:
Votes: 0    Show votes for this bug    Vote for this bug

Additional Comments: (this is where you put emerge --info)


Not eligible to see or edit group visibility for this bug.






View Bug Activity   |   Format For Printing   |   XML   |   Clone This Bug

Description:   Opened: 2004-11-17 15:08 0000 
With emerge mc, and with many other packages, I get this error message:

QA Notice: /usr/lib/mc/cons.saver is setXid, dynamically linked and using lazy bindings.
This combination is generally discouraged. Try: LDFLAGS='-Wl,-z,now' emerge mc

This issue was earlier discussed at:

http://lwn.net/Articles/99137/

To quote from a comment:

"Is the decision to use RDLT_LAZY hardcoded in /lib/ld-linux.so.2 ? Maybe it would make sense to change that to the equivalent of RTLD_NOW for SUID apps for more deterministic behavior, since the delay caused by LD_DEBUG abuse only increases the already present delay for dynamic symbol resolution in the middle of an operation."

Now, wouldn't it make sense to fix this in glibc, as this reader says?

Reproducible: Always
Steps to Reproduce:
1. Emerge any package building a +s executable and not using early bindings for it in linker settings.

------- Comment #1 From solar 2005-04-29 06:24:30 0000 ------- 
While this sounds very ideal this change would prevent Xorg from starting.
There is a few cases where setXid is used with lazy bindings. 
It's not the right thing todo but it's just the way things work now.

------- Comment #2 From Mark Loeser 2005-12-15 01:01:59 0000 ------- 
As stated, at this point in time, we can't reasonably do this.

------- Comment #3 From SpanKY 2005-12-15 06:32:33 0000 ------- 
actually we can, i have such a patch to do so

------- Comment #4 From SpanKY 2006-04-24 23:11:14 0000 ------- 
Created an attachment (id=85428) [details]
setuid-bind-now.patch

------- Comment #5 From Jakub Moc (RETIRED) 2006-09-02 05:23:25 0000 ------- 
*** Bug 121758 has been marked as a duplicate of this bug. ***

------- Comment #6 From Jakub Moc (RETIRED) 2006-09-14 08:15:18 0000 ------- 
*** Bug 130934 has been marked as a duplicate of this bug. ***

------- Comment #7 From Jakub Moc (RETIRED) 2006-09-17 00:36:18 0000 ------- 
*** Bug 147871 has been marked as a duplicate of this bug. ***

------- Comment #8 From SpanKY 2006-09-24 04:43:11 0000 ------- 
*** Bug 76210 has been marked as a duplicate of this bug. ***

------- Comment #9 From Philipp Riegger 2006-09-25 10:41:36 0000 ------- 
A glibc bug about this was marked as a duplicate of this. But there was a patch
attached, solving the problem. Is this patch going to be submitted or should i
remove "stricter" from my FEATURES since "it's just the way things work now"?

------- Comment #10 From Jakub Moc (RETIRED) 2006-09-30 10:50:16 0000 ------- 
*** Bug 149635 has been marked as a duplicate of this bug. ***

------- Comment #11 From Jakub Moc (RETIRED) 2006-10-13 10:29:26 0000 ------- 
*** Bug 150972 has been marked as a duplicate of this bug. ***

------- Comment #12 From Jakub Moc (RETIRED) 2006-10-14 16:14:45 0000 ------- 
*** Bug 151395 has been marked as a duplicate of this bug. ***

------- Comment #13 From SpanKY 2006-12-04 08:29:28 0000 ------- 
*** Bug 138817 has been marked as a duplicate of this bug. ***

------- Comment #14 From SpanKY 2007-07-04 18:23:05 0000 ------- 
we had a discussion a while ago among hardened/security but never came to a
resolution

we're dropping the bindnow-flags from ebuilds and the warning has been removed
from portage ... the only bit left is whether we want this functionality in our
glibc (if only for USE=hardened)

------- Comment #15 From Mark Loeser 2007-12-08 01:51:49 0000 ------- 
(In reply to comment #14)
> we had a discussion a while ago among hardened/security but never came to a
> resolution
> 
> we're dropping the bindnow-flags from ebuilds and the warning has been removed
> from portage ... the only bit left is whether we want this functionality in our
> glibc (if only for USE=hardened)
> 

So...do we? :)  This has been open for ages and it would be nice for it to come
to a conclusion.

------- Comment #16 From solar 2007-12-08 17:10:13 0000 ------- 
hardened does not care about this and never really has. 
We already link -z now -z relro by default. 
Being that there would be no clear/nice way to for *libc to handle executables 
such as X which are +s and require -z lazy bindings. I don't see a point in 
doing anything here. "/etc/suid-bind-now/" while works. It's just not pretty.

------- Comment #17 From Mark Loeser 2007-12-08 17:12:47 0000 ------- 
Since hardened doesn't care for this, then I think this time we can really
close it.
First Last Prev Next    No search results available      Search page      Enter new bug