Bug 301344 - media-sound/teamspeak-server-bin-3.0.0_beta12: scanelf: rpath_security_checks(): Security problem with relative DT_RPATH
Status: RESOLVED FIXED
Alias: None
Product: Gentoo Linux
Classification: Unclassified
Component: Current packages
Hardware: AMD64 Linux
Importance: High minor
Assignee: Christian Parpart (RETIRED)
Reported: 2010-01-18 09:05 UTC by Benjamin Börngen-Schmidt
Modified: 2010-09-11 16:07 UTC
Description Benjamin Börngen-Schmidt 2010-01-18 09:05:43 UTC
scanelf reports security problems, but installs fine.

Reproducible: Always

Steps to Reproduce:
1. emerge teamspeak3

Actual Results:  
 * teamspeak3-server_linux-amd64-3.0.0-beta12.tar.gz RMD160 SHA1 SHA256 size ;-) ...                                             [ ok ]
 * checking ebuild checksums ;-) ...                                                                                             [ ok ]
 * checking auxfile checksums ;-) ...                                                                                            [ ok ]
 * checking miscfile checksums ;-) ...                                                                                           [ ok ]

 * Adding user 'teamspeak3' to your system ...
 *  - Userid: 104
 *  - Shell: /sbin/nologin
 *  - Home: /dev/null
 *  - Groups: (none)
>>> Unpacking source...
>>> Unpacking teamspeak3-server_linux-amd64-3.0.0-beta12.tar.gz to /var/tmp/portage/media-sound/teamspeak-server-bin-3.0.0_beta12/work
>>> Source unpacked in /var/tmp/portage/media-sound/teamspeak-server-bin-3.0.0_beta12/work
>>> Compiling source in /var/tmp/portage/media-sound/teamspeak-server-bin-3.0.0_beta12/work ...
>>> Source compiled.
>>> Test phase [not enabled]: media-sound/teamspeak-server-bin-3.0.0_beta12

>>> Install teamspeak-server-bin-3.0.0_beta12 into /var/tmp/portage/media-sound/teamspeak-server-bin-3.0.0_beta12/image/ category media-sound
>>> Completed installing teamspeak-server-bin-3.0.0_beta12 into /var/tmp/portage/media-sound/teamspeak-server-bin-3.0.0_beta12/image/

scanelf: rpath_security_checks(): Security problem with relative DT_RPATH '.' in /var/tmp/portage/media-sound/teamspeak-server-bin-3.0.0_beta12/image/opt/teamspeak3-server/libts3db_sqlite3.so
scanelf: rpath_security_checks(): Security problem with relative DT_RPATH '.' in /var/tmp/portage/media-sound/teamspeak-server-bin-3.0.0_beta12/image/opt/teamspeak3-server/libts3db_mysql.so
scanelf: rpath_security_checks(): Security problem with relative DT_RPATH '.' in /var/tmp/portage/media-sound/teamspeak-server-bin-3.0.0_beta12/image/opt/teamspeak3-server/ts3server-bin
scanelf: rpath_security_checks(): Security problem with relative DT_RPATH '.' in /var/tmp/portage/media-sound/teamspeak-server-bin-3.0.0_beta12/image/opt/teamspeak3-server/libts3db_sqlite3.so
scanelf: rpath_security_checks(): Security problem with relative DT_RPATH '.' in /var/tmp/portage/media-sound/teamspeak-server-bin-3.0.0_beta12/image/opt/teamspeak3-server/libts3db_mysql.so
scanelf: rpath_security_checks(): Security problem with relative DT_RPATH '.' in /var/tmp/portage/media-sound/teamspeak-server-bin-3.0.0_beta12/image/opt/teamspeak3-server/ts3server-bin

>>> Installing (1 of 1) media-sound/teamspeak-server-bin-3.0.0_beta12

>>> Recording media-sound/teamspeak-server-bin in "world" favorites file...
>>> Auto-cleaning packages...

>>> No outdated packages were found on your system.

 * GNU info directory index is up-to-date.

Expected Results:  
no scanelf problems

Portage 2.1.6.13 (default/linux/amd64/10.0/server, gcc-4.3.4, glibc-2.10.1-r1, 2.6.31-gentoo-r6 x86_64)
=================================================================
System uname: Linux-2.6.31-gentoo-r6-x86_64-Intel-R-_Core-TM-_i7_CPU_920_@_2.67GHz-with-gentoo-1.12.13
Timestamp of tree: Mon, 18 Jan 2010 08:20:01 +0000
ccache version 2.4 [enabled]
app-shells/bash:     4.0_p35
dev-lang/python:     2.6.4
dev-util/ccache:     2.4-r7
sys-apps/baselayout: 1.12.13
sys-apps/sandbox:    1.6-r2
sys-devel/autoconf:  2.63-r1
sys-devel/automake:  1.9.6-r2, 1.10.2
sys-devel/binutils:  2.18-r3
sys-devel/gcc-config: 1.4.1
sys-devel/libtool:   2.2.6b
virtual/os-headers:  2.6.27-r2
ACCEPT_KEYWORDS="amd64"
CBUILD="x86_64-pc-linux-gnu"
CFLAGS="-march=core2 -msse4 -msse4.1 -msse4.2 -mcx16 -msahf -O2 -pipe"
CHOST="x86_64-pc-linux-gnu"
CONFIG_PROTECT="/etc"
CONFIG_PROTECT_MASK="/etc/ca-certificates.conf /etc/env.d /etc/fonts/fonts.conf /etc/gconf /etc/php/apache2-php5/ext-active/ /etc/php/cgi-php5/ext-active/ /etc/php/cli-php5/ext-active/ /etc/revdep-rebuild /etc/sandbox.d /etc/terminfo /etc/udev/rules.d"
CXXFLAGS="-march=core2 -msse4 -msse4.1 -msse4.2 -mcx16 -msahf -O2 -pipe"
DISTDIR="/usr/portage/distfiles"
FEATURES="ccache distlocks fixpackages paralell-fetch parallel-fetch protect-owned sandbox sfperms strict unmerge-orphans userfetch"
GENTOO_MIRRORS="http://ftp.uni-erlangen.de/pub/mirrors/gentoo http://ftp-stud.fht-esslingen.de/pub/Mirrors/gentoo/ http://mirror.netcologne.de/gentoo/ "
LANG="de_DE.UTF-8"
LDFLAGS="-Wl,-O1"
LINGUAS="de"
MAKEOPTS="-j16"
PKGDIR="/usr/portage/packages"
PORTAGE_CONFIGROOT="/"
PORTAGE_RSYNC_OPTS="--recursive --links --safe-links --perms --times --compress --force --whole-file --delete --stats --timeout=180 --exclude=/distfiles --exclude=/local --exclude=/packages"
PORTAGE_TMPDIR="/var/tmp"
PORTDIR="/usr/portage"
SYNC="rsync://rsync.de.gentoo.org/gentoo-portage"
USE="acl amd64 apache2 bzip2 cli cracklib crypt cups cxx dri fortran gdbm gpm iconv ipv6 jpeg mmx modules mudflap multilib mysql ncurses nls nptl nptlonly openmp pam pcre perl png pppd python readline reflection session snmp spl sse sse2 ssl subversion sysfs tcpd truetype unicode xml xorg zlib" ALSA_CARDS="ali5451 als4000 atiixp atiixp-modem bt87x ca0106 cmipci emu10k1x ens1370 ens1371 es1938 es1968 fm801 hda-intel intel8x0 intel8x0m maestro3 trident usb-audio via82xx via82xx-modem ymfpci" ALSA_PCM_PLUGINS="adpcm alaw asym copy dmix dshare dsnoop empty extplug file hooks iec958 ioplug ladspa lfloat linear meter mmap_emul mulaw multi null plug rate route share shm softvol" APACHE2_MODULES="actions alias auth_basic 	authn_alias authn_anon authn_dbm authn_default authn_file authz_dbm authz_default authz_groupfile authz_host authz_owner authz_user 	autoindex 	cache 	dav dav_fs dav_lock deflate dir disk_cache 	env expires ext_filter 	file_cache filter headers 	include info log_config logio 	mem_cache mime mime_magic negotiation 	rewrite setenvif speling status 	unique_id userdir usertrack vhost_alias" APACHE2_MPMS="itk" ELIBC="glibc" INPUT_DEVICES="keyboard mouse evdev" KERNEL="linux" LCD_DEVICES="bayrad cfontz cfontz633 glk hd44780 lb216 lcdm001 mtxorb ncurses text" LINGUAS="de" RUBY_TARGETS="ruby18" USERLAND="GNU" VIDEO_CARDS="fbdev glint intel mach64 mga neomagic nv r128 radeon savage sis tdfx trident vesa via vmware voodoo"
Unset:  CPPFLAGS, CTARGET, EMERGE_DEFAULT_OPTS, FFLAGS, INSTALL_MASK, LC_ALL, PORTAGE_COMPRESS, PORTAGE_COMPRESS_FLAGS, PORTAGE_RSYNC_EXTRA_OPTS, PORTDIR_OVERLAY
Comment 1 Benjamin Börngen-Schmidt 2010-01-19 01:05:53 UTC
This also applies to beta-15 which was just released.
Comment 2 Christian Parpart (RETIRED) gentoo-dev 2010-01-19 09:21:51 UTC
Hey Benjamin,

I'm aware of these RPATH issues.
These issues *must* be fixed by upstream as this is a binary-only release, and the only thing we can do about it is to ensure that these ELFs are executed from within a safe directory, e.g. from /, as it's root.root owned already and should not contain any false shared objects.
Although, if an attacker really wants to inject a function, he can do so easily using the LD_PRELOAD environment variable.

Please contact upstream (and CC me) if you don't mind :)

Regards,
Christian Parpart.
Comment 3 SpanKY gentoo-dev 2010-02-14 00:55:04 UTC
those statements aren't entirely true ... any set*id binary that has insecure DT_RPATH's may be exploited.  i'm not saying teamspeak has set*id, just that file ownership doesn't really matter in these cases.

see Bug 260331 for some trivial examples
Comment 4 Christian Parpart (RETIRED) gentoo-dev 2010-09-11 16:07:48 UTC
We ensure that the TS3 server binary is just invoked from within the expected base path (that's only writable by root) and the binary has no suid bit set anyway.
If you have any further concerns, please reopen and specify your thoughts on this in detail, so we can come up with a solution that fits better :)
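
A sketch of the kind of check behind the scanelf warning in this report, added here as an example in C; it is not scanelf's or pax-utils' code and not from any commenter. It classifies each colon-separated element of a DT_RPATH string and takes the set*id point from comment 3 as a parameter; the verdict names, the `setid` flag and the `$ORIGIN` policy are assumptions of this example.

```c
#include <stdio.h>
#include <string.h>

/* Verdict names are this example's own, not scanelf's. */
enum rpath_verdict { RPATH_OK, RPATH_EMPTY, RPATH_RELATIVE, RPATH_ORIGIN_SETID };

/* Classify one colon-separated element of a DT_RPATH/DT_RUNPATH string.
 * setid is non-zero when the ELF file has a set-user-ID or set-group-ID bit. */
static enum rpath_verdict classify_element(const char *e, size_t len, int setid)
{
    if (len == 0)
        return RPATH_EMPTY;      /* flagged: an empty element names no fixed directory */
    if (e[0] == '/')
        return RPATH_OK;         /* absolute: independent of the working directory */
    /* $ORIGIN follows the file's location; this example flags it only for set*id files */
    if (strncmp(e, "$ORIGIN", 7) == 0 || strncmp(e, "${ORIGIN}", 9) == 0)
        return setid ? RPATH_ORIGIN_SETID : RPATH_OK;
    return RPATH_RELATIVE;       /* '.', 'lib', '../lib': resolved against the cwd */
}

/* Count the elements of rpath that are not RPATH_OK. */
static int count_insecure(const char *rpath, int setid)
{
    int bad = 0;
    for (const char *p = rpath;; ) {
        size_t len = strcspn(p, ":");
        if (classify_element(p, len, setid) != RPATH_OK)
            bad++;
        if (p[len] == '\0')
            break;
        p += len + 1;
    }
    return bad;
}

int main(void)
{
    /* Constructed samples; "." is the value scanelf reported in this bug. */
    const char *samples[] = { ".", "/opt/teamspeak3-server", "/usr/lib::lib", "$ORIGIN/lib" };
    for (size_t i = 0; i < sizeof samples / sizeof *samples; i++)
        printf("%-24s plain: %d  set*id: %d\n", samples[i],
               count_insecure(samples[i], 0), count_insecure(samples[i], 1));
    return 0;
}
```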