Bug 96564 - bug in fopen64() in libsandbox.c
Summary: bug in fopen64() in libsandbox.c
Status: RESOLVED FIXED
Alias: None
Product: Gentoo Linux
Classification: Unclassified
Component: [OLD] Core system (show other bugs)
Hardware: x86 Linux
Importance: High normal
Assignee: Gentoo Linux bug wranglers
URL:
Whiteboard:
Keywords:
Depends on:
Blocks:
 
Reported: 2005-06-19 18:29 UTC by Ben Peddell
Modified: 2005-06-19 19:13 UTC (History)
See Also:
Package list:
Runtime testing required: ---


Description Ben Peddell 2005-06-19 18:29:46 UTC
libsandbox.so has a bug in fopen64(), which is brought out by the use of
fopen64() in libselinux.so.1, and ld_linux.so.2 loading all of the libraries
before calling their _init functions.
I know that the steps to reproduce are done solely to expose this bug. Note that
switching the two libraries hides the bug, since libsandbox.so#_init is called
before testfopen64.so#_init.

--- libsandbox.c        2004-12-02 08:14:09.000000000 +1000
+++ libsandbox.c.fixed  2005-06-20 09:21:32.000000000 +1000
@@ -677,7 +677,7 @@
        if FUNCTION_SANDBOX_SAFE_CHAR
                ("fopen64", canonic, mode) {
                check_dlsym(fopen64);
-               result = true_fopen(pathname, mode);
+               result = true_fopen64(pathname, mode);
                }
 
        return result;
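Review bot: the `-` line dispatches the fopen64 wrapper through `true_fopen`, yet the `check_dlsym(fopen64)` just above it only resolves `true_fopen64`; when this wrapper is the first one reached (the reporter's case, where `fopen64` is called from another library's `_init` before libsandbox's own `_init` has run) `true_fopen` is presumably still unresolved and the indirect call faults, so the `+` line is the correct fix. Since the wrappers in this file are near-identical copies of each other, it is worth checking the remaining `true_X` calls for the same mismatch between the symbol named in `check_dlsym` and the pointer actually invoked, and adding the reporter's two-library load-order case as a regression test.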


Reproducible: Always
Steps to Reproduce:
1. echo -e '#define _GNU_SOURCE\n#define _FILE_OFFSET_BITS 64\n#include <stdio.h>\n\nvoid _init (void){\n\tfclose(fopen("/dev/null", "rb"));\n}' >testfopen64.c
2. echo 'int main (void){return 0;}' >test.c
3. gcc -shared -nostdlib -lc -o testfopen64.so testfopen64.c
4. gcc -o test test.c -lsandbox testfopen64.so
5. ./test
Actual Results:  
Segmentation fault (core dumped)

Expected Results:  
There should have been no output
Comment 1 Ben Peddell 2005-06-19 19:13:26 UTC
Just looked at AnonCVS - it was fixed by azarah in revision 1.8 on 02-Mar-2005
Therefore, the masked sys-apps/sandbox package is required to fix this.