Bug 147875 - sys-libs/pam-0.78-r3: emerge fails due to setXid, dyn linked, lazy bindings on /usr/sbin/unix_chkpwd
Status: VERIFIED DUPLICATE of bug 118278
Alias: None
Product: Gentoo Linux
Classification: Unclassified
Component: [OLD] Core system
Hardware: All Linux
Importance: High normal
Assignee: Gentoo Linux bug wranglers
Reported: 2006-09-16 18:41 UTC by Kevin Pyle
Modified: 2006-09-17 10:26 UTC
Description Kevin Pyle 2006-09-16 18:41:14 UTC
Background:
Emerging sys-libs/pam-0.78-r3 fails in install_qa_check due to dynamic linkage
and lazy bindings on the setuid file /usr/sbin/unix_chkpwd.  Running "scanelf
-yRF '%b %p' <file>" on the usr/sbin/unix_chkpwd dropped in the staging area
confirms that it is lazily bound.

Steps to reproduce:
1. emerge =sys-libs/pam-0.78-r3

Actual results:
install_qa_check cancels the merge due to the lazy binding.

Expected results:
usr/sbin/unix_chkpwd should be built with non-lazy binding so that install_qa_check does not panic.

Mitigating factors:
ebuild gives instructions on how to build with non-lazy bindings (by passing
"-z now" to the linker).

Aggravating factors:
The instructions as printed do not work. :-)  The build process for pam does not include $LDFLAGS in the rule which builds unix_chkpwd, so running "LDFLAGS='-Wl,-z,now' emerge =sys-libs/pam-0.78-r3" still fails.  Using CFLAGS='-Wl,-z,now' does pass '-z now' to the build of unix_chkpwd, which allows the merge to succeed.

Suggested resolution:
Append "-Wl,-z,now" to CFLAGS when building pam.


emerge --info:
Gentoo Base System version 1.12.5
Portage 2.1.1 (default-linux/x86/2006.1, gcc-4.1.1, glibc-2.4-r3, 2.6.14.3
i686)
=================================================================
System uname: 2.6.14.3 i686 Intel(R) Pentium(R) 4 CPU 3.20GHz
Last Sync: Sat, 16 Sep 2006 17:20:01 +0000
app-admin/eselect-compiler: [Not Present]
dev-java/java-config: [Not Present]
dev-lang/python:     2.4.3-r1
dev-python/pycrypto: 2.0.1-r5
dev-util/ccache:     [Not Present]
dev-util/confcache:  [Not Present]
sys-apps/sandbox:    1.2.17
sys-devel/autoconf:  2.13, 2.59-r7
sys-devel/automake:  1.4_p6, 1.5, 1.6.3, 1.7.9-r1, 1.8.5-r3, 1.9.6-r2
sys-devel/binutils:  2.16.1-r3
sys-devel/gcc-config: 1.3.13-r3
sys-devel/libtool:   1.5.22
virtual/os-headers:  2.6.17-r1
ACCEPT_KEYWORDS="x86"
ACCEPT_LICENSE=""
ACLOCAL_PATH="/opt/gnome/share/aclocal:/opt/gnome/share/aclocal"
ARCH="x86"
AUTOCLEAN="yes"
CBUILD="i686-pc-linux-gnu"
CFLAGS="-O2 -march=pentium4 -pipe"
CHOST="i686-pc-linux-gnu"
CLEAN_DELAY="5"
COLORTERM="1"
CONFIG_PROTECT="/etc"
CONFIG_PROTECT_MASK="/etc/env.d /etc/gconf /etc/revdep-rebuild /etc/terminfo"
CROSSCOMPILE_OPTS=""
CSHEDIT="emacs"
CVS_RSH="ssh"
CXXFLAGS="-O2 -march=pentium4 -pipe"
DISTDIR="/usr/portage/distfiles"
DVB_CARDS=""
EDITOR="/bin/vi"
ELIBC="glibc"
EMERGE_DEFAULT_OPTS="--verbose"
EMERGE_WARNING_DELAY="10"
FCDSL_CARDS=""
FEATURES="autoconfig collision-protect digest distlocks maketest
metadata-transfer parallel-fetch sandbox severe sfperms strict stricter test
userfetch userpriv usersandbox"
FETCHCOMMAND="/usr/bin/wget -t 5 -T 60 --passive-ftp -P ${DISTDIR} ${URI}"
FOO2ZJS_DEVICES=""
FRITZCAPI_CARDS=""
GCC_SPECS=""
GENTOO_MIRRORS="http://distfiles.gentoo.org
http://distro.ibiblio.org/pub/linux/distributions/gentoo"
GNOMEDIR="/opt/gnome"
GNOME_PATH="/opt/gnome:/usr"
GROUP="root"
GZIP="-9"
HOME="/root"
HOSTTYPE="i586-linux"
INFODIR="/usr/info:/usr/share/info:/usr/local/info"
INFOPATH="/usr/share/info:/usr/share/binutils-data/i686-pc-linux-gnu/2.16.1/info::/usr/share/gcc-data/i686-pc-linux-gnu/4.1.1/info"
INPUTRC="/root/.inputrc"
INPUT_DEVICES="keyboard mouse"
JAVA_BINDIR="/usr/lib/java/jre/bin"
JAVA_HOME="/usr/lib/java/jre"
JAVA_ROOT="/usr/lib/java"
JRE_HOME="/usr/lib/java/jre"
KERNEL="linux"
LC_ALL="C"
LC_CTYPE="en_US"
LESS="-R -M --shift 5"
LESSCLOSE="lessclose.sh %s %s"
LESSKEY="/etc/lesskey.bin"
LESSOPEN="|lesspipe.sh %s"
LINGUAS=""
LIRC_DEVICES=""
LOGNAME="root"
LS_COLORS="no=00:fi=00:di=00;36:ln=01;36:pi=40;33:so=01;35:do=01;35:bd=40;33;01:cd=40;33;01:or=41;36;01:ex=00;32:*.cmd=01;32:*.exe=01;32:*.com=01;32:*.bat=01;32:*.btm=01;32:*.dll=01;32:*.tar=00;31:*.tbz=00;31:*.tgz=00;31:*.rpm=00;31:*.deb=00;31:*.arj=00;31:*.taz=00;31:*.lzh=00;31:*.zip=00;31:*.zoo=00;31:*.z=00;31:*.Z=00;31:*.gz=00;31:*.bz2=00;31:*.tb2=00;31:*.tz2=00;31:*.tbz2=00;31:*.avi=01;35:*.bmp=01;35:*.fli=01;35:*.gif=01;35:*.jpg=01;35:*.jpeg=01;35:*.mng=01;35:*.mov=01;35:*.mpg=01;35:*.pcx=01;35:*.pbm=01;35:*.pgm=01;35:*.png=01;35:*.ppm=01;35:*.tga=01;35:*.tif=01;35:*.xbm=01;35:*.xpm=01;35:*.dl=01;35:*.gl=01;35:*.aiff=00;32:*.au=00;32:*.mid=00;32:*.mp3=00;32:*.ogg=00;32:*.voc=00;32:*.wav=00;32:"
LS_OPTIONS="-a -N --color=tty -T 0"
MACHTYPE="i686"
MAKEOPTS="-j3"
MANPATH="/usr/local/share/man:/usr/share/man:/usr/share/binutils-data/i686-pc-linux-gnu/2.16.1/man::/usr/share/gcc-data/i686-pc-linux-gnu/4.1.1/man"
MINICOM="-c on"
MISDN_CARDS=""
OSTYPE="linux"
PATH="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/opt/bin:/usr/i686-pc-linux-gnu/gcc-bin/4.1.1:/usr/i686-pc-linux-gnu/gcc-bin/4.1.1"
PKGDIR="/usr/portage/packages"
PORTAGE_ARCHLIST="ppc s390 amd64 ppc64 x86-fbsd m68k arm sparc sh mips ia64
alpha ppc-macos hppa x86"
PORTAGE_BINHOST_CHUNKSIZE="3000"
PORTAGE_BIN_PATH="/usr/lib/portage/bin"
PORTAGE_CALLER="emerge"
PORTAGE_CONFIGROOT="/"
PORTAGE_DEBUG="0"
PORTAGE_DEPCACHEDIR="/var/cache/edb/dep"
PORTAGE_ELOG_CLASSES="log warn error"
PORTAGE_ELOG_MAILFROM="portage"
PORTAGE_ELOG_MAILSUBJECT="[portage] ebuild log for ${PACKAGE} on ${HOST}"
PORTAGE_ELOG_MAILURI="root"
PORTAGE_GID="250"
PORTAGE_INST_GID="0"
PORTAGE_INST_UID="0"
PORTAGE_NICENESS="2"
PORTAGE_PYM_PATH="/usr/lib/portage/pym"
PORTAGE_RSYNC_OPTS="--recursive --links --safe-links --perms --times --compress
--force --whole-file --delete --delete-after --stats --timeout=180
--exclude='/distfiles' --exclude='/local' --exclude='/packages'"
PORTAGE_RSYNC_RETRIES="3"
PORTAGE_TMPDIR="/var/tmp"
PORTAGE_TMPFS="/dev/shm"
PORTAGE_WORKDIR_MODE="0700"
PORTDIR="/usr/portage"
PORTDIR_OVERLAY="/usr/local/portage"
PORT_LOGDIR="/var/log/portage"
PRELINK_PATH=""
PRELINK_PATH_MASK=""
PWD="/"
PYTHONDOCS="/usr/share/doc/python-docs-2.4.3/html"
PYTHONPATH="/usr/lib/portage/pym"
QA_STRICT_TEXTRELS="set"
QTDIR="/usr/lib/qt3"
RESUMECOMMAND="/usr/bin/wget -c -t 5 -T 60 --passive-ftp -P ${DISTDIR} ${URI}"
ROOT="/"
ROOTPATH="/opt/bin:/usr/i686-pc-linux-gnu/gcc-bin/4.1.1:/usr/i686-pc-linux-gnu/gcc-bin/4.1.1"
RPMDIR="/usr/portage/rpm"
SHLVL="2"
STAGE1_USE="nptl nptlonly unicode"
SYNC="rsync://rsync.namerica.gentoo.org/gentoo-portage"
TERM="screen"
USE="x86 X acl acpi adns apache2 bash-completion berkdb bitmap-fonts bzip2 caps
cdr cli crypt cscope cups curl dlloader dri dvd dvdr elibc_glibc expat ftp gdbm
gif gnutls gtk gtk2 imagemagick imap input_devices_keyboard input_devices_mouse
isdnlog javascript jpeg kde kdeenablefinal kernel_linux libg++ lm_sensors
logrotate mbox mime mmap mmx motif ncurses nls nocd nptl nptlonly pam pcntl
pcre pdf perl png posix ppds pppd python qt3 readline reflection samba
seamonkey session sockets spell spl ssl tcpd test threads tiff truetype
truetype-fonts type1-fonts udev unicode userland_GNU v4l video_cards_radeon
xinerama xinetd xml xorg zlib"
USER="root"
USERLAND="GNU"
USE_EXPAND="CROSSCOMPILE_OPTS DVB_CARDS ELIBC FCDSL_CARDS FOO2ZJS_DEVICES
FRITZCAPI_CARDS INPUT_DEVICES KERNEL LINGUAS LIRC_DEVICES MISDN_CARDS USERLAND
VIDEO_CARDS"
USE_EXPAND_HIDDEN="CROSSCOMPILE_OPTS ELIBC KERNEL USERLAND"
USE_ORDER="env:pkg:conf:defaults"
VIDEO_CARDS="radeon"
XARGS="xargs -r"
XFILESEARCHPATH="/usr/lib/X11/%L/%T/%N%C:/usr/lib/X11/%l/%T/%N%C:/usr/lib/X11/%T/%N%C:/usr/lib/X11/%L/%T/%N:/usr/lib/X11/%l/%T/%N:/usr/lib/X11/%T/%N:/var/X11R6/%T/%N%C:/var/X11R6/%T/%N"
_="/usr/bin/emerge"


This is the same type of failure as I reported in bug 147871, albeit for a different package.  I have not created a patch for the pam ebuild yet (instead, I merged with "CFLAGS='-Wl,-z,now' emerge pam").
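
The condition reported above (setXid, dynamically linked, lazy bindings) can be checked directly from the ELF dynamic section, where the linker records `-z now` as `DT_BIND_NOW`, `DF_BIND_NOW` in `DT_FLAGS`, or `DF_1_NOW` in `DT_FLAGS_1`. The following is an added example, not part of the original report and not the Portage or scanelf code; `binding`, `qa_fails` and `sample_elf32` are hypothetical names, and `sample_elf32` builds a constructed minimal image for testing.

```python
import os, stat, struct, sys

PT_DYNAMIC = 2
DT_NULL, DT_BIND_NOW, DT_FLAGS, DT_FLAGS_1 = 0, 24, 30, 0x6FFFFFFB
DF_BIND_NOW, DF_1_NOW = 0x8, 0x1

def binding(elf: bytes) -> str:
    """Classify an ELF image as 'STATIC', 'LAZY' or 'NOW' from its dynamic section."""
    if elf[:4] != b"\x7fELF":
        raise ValueError("not an ELF file")
    is64, end = elf[4] == 2, "<" if elf[5] == 1 else ">"
    phoff, = struct.unpack_from(end + ("Q" if is64 else "I"), elf, 0x20 if is64 else 0x1C)
    phentsize, phnum = struct.unpack_from(end + "HH", elf, 0x36 if is64 else 0x2A)
    for i in range(phnum):
        base = phoff + i * phentsize
        if is64:  # Elf64_Phdr: type, flags, offset, vaddr, paddr, filesz
            p_type, _, off, _, _, size = struct.unpack_from(end + "IIQQQQ", elf, base)
        else:     # Elf32_Phdr: type, offset, vaddr, paddr, filesz
            p_type, off, _, _, size = struct.unpack_from(end + "IIIII", elf, base)
        if p_type != PT_DYNAMIC:
            continue
        fmt = end + ("qQ" if is64 else "iI")  # Elf*_Dyn: d_tag, d_val
        dyn = elf[off:off + size]
        dyn = dyn[:len(dyn) - len(dyn) % struct.calcsize(fmt)]  # tolerate truncation
        for tag, val in struct.iter_unpack(fmt, dyn):
            if tag == DT_NULL:
                break
            if (tag == DT_BIND_NOW or (tag == DT_FLAGS and val & DF_BIND_NOW)
                    or (tag == DT_FLAGS_1 and val & DF_1_NOW)):
                return "NOW"
        return "LAZY"
    return "STATIC"  # no PT_DYNAMIC segment: not dynamically linked

def qa_fails(kind: str, mode: int) -> bool:
    """True for the combination the report describes: setXid and lazily bound."""
    return kind == "LAZY" and bool(mode & (stat.S_ISUID | stat.S_ISGID))

def sample_elf32(*dyn_entries):
    """Constructed little-endian ELF32: header, one PT_DYNAMIC phdr, given entries."""
    dyn = b"".join(struct.pack("<iI", t, v) for t, v in (*dyn_entries, (DT_NULL, 0)))
    ehdr = struct.pack("<4s5B7xHHIIIIIHHHHHH", b"\x7fELF", 1, 1, 1, 0, 0,
                       2, 3, 1, 0, 52, 0, 0, 52, 32, 1, 0, 0, 0)
    phdr = struct.pack("<8I", PT_DYNAMIC, 84, 0, 0, len(dyn), len(dyn), 6, 4)
    return ehdr + phdr + dyn

if __name__ == "__main__":
    for path in sys.argv[1:]:
        with open(path, "rb") as f:
            kind = binding(f.read())
        print(kind, "FAIL" if qa_fails(kind, os.stat(path).st_mode) else "ok", path)
```

Run against the staged usr/sbin/unix_chkpwd, it should report LAZY for the default build and NOW once "-z now" actually reaches the link step.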
Comment 1 Jakub Moc (RETIRED) gentoo-dev 2006-09-17 00:37:12 UTC

*** This bug has been marked as a duplicate of 118278 ***
Comment 2 Kevin Pyle 2006-09-17 10:26:36 UTC
Searching for bugs that referred to setXid (which seemed to be the most distinct part of the error message from install_qa_check) revealed only one open bug (bug 144806), which referred to VMware.  I originally excluded resolved bugs from my search, since the problem itself is clearly not resolved in the stable tree.  I see now that searches ought to include bugs which will not be fixed.

Given that the current position of the maintainers seems to be that this security hole should be left in place until glibc fixes it (bug 118278, comment #2; bug 141535, comment #1), perhaps the error message should reflect that there is no longer any point in filing per-package bug reports about lazy bindings.  I know that's a Portage issue, but given that bug 71609 seems to be the preferred fix, it has been open since 2004, and Vapier posted a patch to it ~5 months ago (which presumably has not been applied), it seems likely that a Portage update will go out before bug 71609 is fixed.  Leaving the error message as-is wastes users' time to file new reports about lazy bindings, your time to mark them as duplicates, and puts more junk bugs in the database.