Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 140440 - scanelf descends into /usr/lib/debug/
Summary: scanelf descends into /usr/lib/debug/
Status: RESOLVED WORKSFORME
Alias: None
Product: Portage Development
Classification: Unclassified
Component: Third-Party Tools (show other bugs)
Hardware: All Linux
: High normal (vote)
Assignee: solar (RETIRED)
URL:
Whiteboard:
Keywords:
Depends on:
Blocks:
 
Reported: 2006-07-14 22:26 UTC by SpanKY
Modified: 2006-12-03 17:38 UTC (History)
2 users (show)

See Also:
Package list:
Runtime testing required: ---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description SpanKY gentoo-dev 2006-07-14 22:26:13 UTC 
while emerging libcap i see the error below ... perhaps we should just filter /usr/lib/debug for all scanelf security checks ?

strip: x86_64-pc-linux-gnu-strip --strip-unneeded
   sbin/getpcaps
   sbin/execcap
   sbin/setpcaps
   sbin/sucap
   lib64/libcap.so.1.10
   usr/lib64/python2.4/site-packages/libcapmodule.so
   usr/lib64/libcap.a
scanelf: rpath_security_checks(): Security problem NULL DT_RPATH in /var/tmp/portage/libcap-1.10-r7/image/usr/lib/debug/usr/lib64/python2.4/site-packages/libcapmodule.so.debug

QA Notice: the following files contain insecure RUNPATH's
 Please file a bug about this at http://bugs.gentoo.org/
 with the maintaining herd of the package.
 usr/lib/debug/usr/lib64/python2.4/site-packages/libcapmodule.so.debug
Comment 1 TGL 2006-10-11 11:28:25 UTC 
I've seen that the NEEDED file for "app-emulation/wine" was completly corrupted here, because of what scanelf find in the debug files:

% scanelf -qn -F'%f %n' /usr/lib/debug/usr/lib/wine/ | head
netapi32.dll.so.debug +
Comment 2 TGL 2006-10-11 11:28:25 UTC 
I've seen that the NEEDED file for "app-emulation/wine" was completly corrupted here, because of what scanelf find in the debug files:

% scanelf -qn -F'%f %n' /usr/lib/debug/usr/lib/wine/ | head
netapi32.dll.so.debug +ยง
clusapi.dll.so.debug 4,15),124,1;reserved:(24,15),125,1;cbFrame:(24,15),126,2;;
msxml3.dll.so.debug €
kernel32.dll.so.debug €
sti.dll.so.debug 2;HighId:(24,33),32,32;OffsetToEntries:(24,33),64,32;;
winearts.drv.so.debug 3,612)
uninstaller.exe.so.debug 7)=(14,608)=*(14,605)
iccvid.dll.so.debug StyleSize:(2,35),2304,32;elfMatch:(2,35),2336,32;elfReserved:(2,35),2368,32;elfVendorId:(11,140),2400,32;elfCulture:(2,35),2432,32;elfPanose:(11,135),2464,80;;
ctl3d32.dll.so.debug ,144,32;dwAllocCount:(3,35),176,32;;
msvcrt20.dll.so.debug 6)=(24,33)

Filtering "usr/lib/debug" would be a good workaround for this one too.
Comment 3 TGL 2006-11-11 04:06:01 UTC 
(In reply to comment #1)
> I've seen that the NEEDED file for "app-emulation/wine" was completly corrupted
> here, because of what scanelf find in the debug files:

FYI, I can't reproduce this anymore.  Since my last comments, pax-utils has not been updated, nor binutils or anything else i can think of as relevant.  Only Wine was bumped from 0.9.23 to 0.9.25.  Weird...
Comment 4 solar (RETIRED) gentoo-dev 2006-12-03 17:38:06 UTC 
Cant reproduce this. scanelf should not be going into that dir via prestrip anyway.