When I executed /usr/bin/socksify which belongs to net-proxy/dante-1.3.1, the program refused to run, and told me "error: dante client not built with preloading support." Then I wanted to find where the problem is. I digged into the source of dante, and I found that the result of running ./configure told me "preload" is disabled. So I read ./configure, ./config.log and ./preload.m4 in dante source directory. And then I found dante configure uses the code as following to check if preload can be enabled. #include <stdlib.h> #include <string.h> #include <unistd.h> int main(int argc, char *argv[]) { char buf[1024]; strcpy(buf, "lari -V "); strcat(buf, argv[0]); strcat(buf, " | grep read | grep protected > /dev/null"); /* * return error if 'protected' * (ignore errors, not indicative of blocking) */ if (system(buf) == 0) return 1; else return 0; } ssize_t read(d, buf, nbytes) int d; void *buf; size_t nbytes; { return 0; } Obviously, in Linux system, there is no program named as "lari", so running this test program must be failed. In config.log, you can also see the failure result, as following. configure:31760: checking libc preload blocking configure:31813: x86_64-pc-linux-gnu-gcc -o conftest -g -pipe -D_XOPEN_SOURCE=600 -D_XOPEN_SOURCE_EXTENDED -D_BSD_SOURCE -U__GNUC__ -D__GNUC__=0 -DDEBUG=1 conftest.c -ldl >&5 configure:31816: $? = 0 configure:31822: ./conftest sh: lari: command not found configure:31825: $? = 0 configure:31827: result: no Reproducible: Always Steps to Reproduce: 1. Decompress dante source package 2. ./configure Actual Results: Then you can see the result tells you that "preload" is disabled. Expected Results: "Preload" should have been enabled in Linux system.
Output of emerge -vp dante is [ebuild R ] net-proxy/dante-1.3.1 USE="pam tcpd -debug -kerberos (-selinux) -static-libs" emerge --info Portage 2.2.0_alpha45 (default/linux/amd64/10.0, gcc-4.5.2, glibc-2.13-r4, 2.6.38-tuxonice-r2-ibm-thinkpad-x60 x86_64) ================================================================= System uname: Linux-2.6.38-tuxonice-r2-ibm-thinkpad-x60-x86_64-Intel-R-_Core-TM-2_CPU_T7200_@_2.00GHz-with-gentoo-2.0.3 Timestamp of tree: Wed, 20 Jul 2011 00:00:01 +0000 ccache version 3.1.5 [disabled] app-shells/bash: 4.2_p10 dev-java/java-config: 2.1.11-r3 dev-lang/python: 2.7.2, 3.1.3-r1, 3.2 dev-util/ccache: 3.1.5 dev-util/cmake: 2.8.5-r2 dev-util/pkgconfig: 0.26 sys-apps/baselayout: 2.0.3 sys-apps/openrc: 0.8.3-r1 sys-apps/sandbox: 2.5 sys-devel/autoconf: 2.13, 2.68 sys-devel/automake: 1.9.6-r3, 1.10.3, 1.11.1-r1 sys-devel/binutils: 2.21.1 sys-devel/gcc: 4.5.2 sys-devel/gcc-config: 1.4.1-r1 sys-devel/libtool: 2.4-r1 sys-devel/make: 3.82-r1 sys-kernel/linux-headers: 2.6.38 (virtual/os-headers) sys-libs/glibc: 2.13-r4 Repositories: gentoo dottout sunrise gentoo-zh zugaina wschlich wschlich-testing kouhy Installed sets: ACCEPT_KEYWORDS="amd64 ~amd64" ACCEPT_LICENSE="* -@EULA dlj-1.1 PUEL skype-eula AdobeFlash-10 AdobeFlash-10.1 googleearth" CBUILD="x86_64-pc-linux-gnu" CFLAGS="-march=core2 -msse3 -mfpmath=sse -O2 -pipe" CHOST="x86_64-pc-linux-gnu" CONFIG_PROTECT="/etc /etc/udev/rules.d /lib64/rc /lib64/rcscripts /lib64/udev/rules.d /lib64/udev/uam /usr/sbin/laptop_mode /usr/share/gnupg/qualified.txt /usr/share/laptop-mode-tools /usr/share/openvpn/easy-rsa /usr/share/vim/vimfiles/ftdetect" CONFIG_PROTECT_MASK="/etc/ca-certificates.conf /etc/env.d /etc/env.d/java/ /etc/fonts/fonts.conf /etc/gconf /etc/gentoo-release /etc/php/apache2-php5.3/ext-active/ /etc/php/cgi-php5.3/ext-active/ /etc/php/cli-php5.3/ext-active/ /etc/revdep-rebuild /etc/sandbox.d /etc/splash /etc/terminfo" CXXFLAGS="-march=core2 -msse3 -mfpmath=sse -O2 -pipe" DISTDIR="/usr/portage/distfiles" FEATURES="assume-digests binpkg-logs candy collision-protect distlocks ebuild-locks fixlafiles fixpackages metadata-transfer news parallel-fetch preserve-libs protect-owned sandbox sfperms strict unknown-features-warn unmerge-logs unmerge-orphans userfetch" FFLAGS="" GENTOO_MIRRORS="http://gentoo.osuosl.org/" LANG="en_US.UTF-8" LDFLAGS="-Wl,-O1 -Wl,--as-needed" LINGUAS="en zh zh_CN zh_HK zh_TW en_US" MAKEOPTS="-j3" PKGDIR="/var/portage/packages" PORTAGE_CONFIGROOT="/" PORTAGE_RSYNC_OPTS="--recursive --links --safe-links --perms --times --compress --force --whole-file --delete --stats --timeout=180 --exclude=/distfiles --exclude=/local --exclude=/packages" PORTAGE_TMPDIR="/var/tmp" PORTDIR="/usr/portage" PORTDIR_OVERLAY="/var/lib/layman/dottout /var/lib/layman/sunrise /var/lib/layman/gentoo-zh /var/lib/layman/zugaina /var/lib/layman/wschlich /var/lib/layman/wschlich-testing /usr/local/portage" SYNC="rsync://rsync.gentoo.org/gentoo-portage" USE="3dnow 3dnowext aalib acl acpi alsa amd64 berkdb bluetooth bzip2 cdr cjk cli cracklib crypt cups cxx dbus directfb dri dts dv dvd fbcon fortran gdbm gif gpm gstreamer iconv ieee1394 ipv6 javascript jpeg lame laptop libcaca mad mmx mmxext modules mp3 mpeg mudflap multilib ncurses nls nptl nptlonly openmp pam pcre perl png posix pppd python quicktime readline sdl session socks5 sse sse2 sse3 ssl ssse3 startup-notification sysfs tcpd threads unicode upnp v4l2 wifi x264 xml xorg xvid zlib" ALSA_CARDS="ali5451 als4000 atiixp atiixp-modem bt87x ca0106 cmipci emu10k1x ens1370 ens1371 es1938 es1968 fm801 hda-intel intel8x0 intel8x0m maestro3 trident usb-audio via82xx via82xx-modem ymfpci" ALSA_PCM_PLUGINS="adpcm alaw asym copy dmix dshare dsnoop empty extplug file hooks iec958 ioplug ladspa lfloat linear meter mmap_emul mulaw multi null plug rate route share shm softvol" APACHE2_MODULES="actions alias auth_basic authn_alias authn_anon authn_dbm authn_default authn_file authz_dbm authz_default authz_groupfile authz_host authz_owner authz_user autoindex cache cgi cgid dav dav_fs dav_lock deflate dir disk_cache env expires ext_filter file_cache filter headers include info log_config logio mem_cache mime mime_magic negotiation rewrite setenvif speling status unique_id userdir usertrack vhost_alias" CALLIGRA_FEATURES="braindump flow karbon kexi kpresenter krita tables words" CAMERAS="canon ptp2" COLLECTD_PLUGINS="df interface irq load memory rrdtool swap syslog" ELIBC="glibc" FOO2ZJS_DEVICES="hp1020" GPSD_PROTOCOLS="ashtech aivdm earthmate evermore fv18 garmin garmintxt gpsclock itrax mtk3301 nmea ntrip navcom oceanserver oldstyle oncore rtcm104v2 rtcm104v3 sirf superstar2 timing tsip tripmate tnt ubx" INPUT_DEVICES="keyboard mouse evdev ps2mouse serialmouse linuxinput joystick" KERNEL="linux" LCD_DEVICES="bayrad cfontz cfontz633 glk hd44780 lb216 lcdm001 mtxorb ncurses text" LINGUAS="en zh zh_CN zh_HK zh_TW en_US" LIRC_DEVICES="alsa_usb audio_alsa irlink logitech macmini mceusb mouseremote mouseremote_ps2 mp3anywhere mplay parallel samsung serial sir tvbox udp usbx userspace wpc8769l xboxusb" PHP_TARGETS="php5-3" RUBY_TARGETS="ruby18" USERLAND="GNU" VIDEO_CARDS="intel i945 i810 vesa fbdev vga" XTABLES_ADDONS="quota2 psd pknock lscan length2 ipv4options ipset ipp2p iface geoip fuzzy condition tee tarpit sysrq steal rawnat logmark ipmark dhcpmac delude chaos account" Unset: CPPFLAGS, CTARGET, EMERGE_DEFAULT_OPTS, INSTALL_MASK, LC_ALL, PORTAGE_BUNZIP2_COMMAND, PORTAGE_COMPRESS, PORTAGE_COMPRESS_FLAGS, PORTAGE_RSYNC_EXTRA_OPTS
In addition to the error I mentioned above, I found another error in dante configure script. This error may also cause "preload" is disabled. From the 31499th line, the code as following: for file in `ldconfig -p | grep /libc.so| xargs -n 1 echo | grep /libc.so`; do test -s "$file" && LIBC_ALTS="${LIBC_ALTS}${LIBC_ALTS:+ }$file" done LIBC_NAME=`echo ${LIBC_ALTS} | sed -e 's/.*\///' | sort -nr | head -n 1` On my system, the output of command "ldconfig -p | grep /libc.so| xargs -n 1 echo | grep /libc.so" is (as following) /libc.so /lib64/libc.so.6 /lib32/libc.so.6 /usr/lib32/libc.so.5 So after for loop, the value of $LIBC_ALTS is "/lib64/libc.so.6 /lib32/libc.so.6 /usr/lib32/libc.so.5" You can see the result is just one line. But obviously the last command "LIBC_NAME=`echo ${LIBC_ALTS} | sed -e 's/.*\///' | sort -nr | head -n 1`" requires the result is more than one line. The one line value of $LIBC_ALTS, which is wrong, causes the final result, the name of libc, on my system is libc.so.5, which belongs to app-emulation/emul-linux-x86-compat. This is absolutely wrong. The libc name should be libc.so.6, which is the native glibc on my system. This is a significant error, isn't it. I'm not sure whether this error can cause other more serious problem. I think the last command should be changed into: LIBC_NAME=`echo ${LIBC_ALTS} | sed -e 's/ \+/\n/g' | sed -e 's/.*\///' | sort -nr | head -n 1` That means, first of all, replace whitespace with newline.
It would be easy to test if your system supported preload after all: Edit the installed socksify script (line 50) and see if it succeeds when NOPRELOAD="" is set.
Actually, I can't reproduce that error, despite not having lari(1) installed either. Could you attach the entire build log, please?
(In reply to comment #3) > It would be easy to test if your system supported preload after all: Edit the > installed socksify script (line 50) and see if it succeeds when NOPRELOAD="" is > set. Of course, I had already tested it in your way before I first reported this bug. And socksify worked fine. And I use tsocks for a long time, it works fine too. So I belive my system does support preload, but ./configure in dante doesn't think so.
Created attachment 280567 [details, diff] Temporary patch for dante to enable preload This patch includes two parts. 1st correct an obvious bug in configure script. 2nd avoid executing 'lari' on my system, because there is no command 'lari' at all.
(In reply to comment #4) > Actually, I can't reproduce that error, despite not having lari(1) installed > either. Could you attach the entire build log, please? Maybe I didn't make myself clear. I didn't say there is error when emerge dante, or configure/compile dante. What I said is the result of ./configure is not correct. ./configure can run successfully, but the checking result is not what I expect. I think there is no need to show you the entire build.log, but if you insist, I will upload it for you. The following is the snippet of build.log after compiling dante without my patch. (I have uploaded my patch above) Configure status: Preloading: Disabled GSSAPI: Not found/disabled KRB5: Not found/disabled LDAP: Not found/disabled SASL: Not found/disabled UPNP: Supported library not found Modules: redirect: Not found bandwidth: Not found session: Not found ldap: Not found You can see the configure status is preloading disabled. In order to change the configure status into preloading enabled. I found two bugs (see Comment #1 and Comment #3). So my patch includes two parts to correct these two bugs. The two parts in my patch are all necessary. The 1st bug I had mentioned in Comment #3 causes the LIBC_NAME is libc.so.5, and this LIBC_NAME causes one conftest.c fail to run, which start at line 31616 in ./configure , shown as below. /* end confdefs.h. */ #include <dlfcn.h> #include <stdio.h> #include "include/symbols.h" int main() { void *lib; void *sym; if ((lib = dlopen(LIBRARY_CONNECT, DL_LAZY)) == NULL) { fprintf(stderr, "dlopen: %s\n", dlerror()); return 1; } (void)dlerror(); if ((sym = dlsym(lib, SYMBOL_CONNECT)) == NULL) { fprintf(stderr, "dlsym: %s\n", dlerror()); return 1; } return 0; } In the code above, the LIBRARY_CONNECT will be expand to LIBRARY_LIBC (refer to "include/symbols.h" of dante). And LIBRARY_LIBC is ${LIBC_NAME} (which is libc.so.5), you can see the line 31519 in ./configure . So dlopen tries to open libc.so.5 in system path, but there is just libc.so.6, no libc.so.5 in system path on my system. So dlopen fails, and the failure causes ./configure thinks my system doesn't support preload (you can see the line 31672 in ./configure, it sets no_preload=t). The 2nd bug is that command 'lari' does not exist in Linux system. So in my patch, I make another conftest.c return 1 at the beginning. That will avoid executing 'lari', and return 1 means preload can be enabled. I think you can understand what I say by reading my patch. And I want say it again, there is no error when emerge dante. The problem is the configure status/result does not reflect the actual situation of my system.
(In reply to comment #5) > (In reply to comment #3) > > It would be easy to test if your system supported preload after all: Edit the > > installed socksify script (line 50) and see if it succeeds when NOPRELOAD="" is > > set. > > > Of course, I had already tested it in your way before I first reported this > bug. > And socksify worked fine. And I use tsocks for a long time, it works fine too. Right, so it's just the preload.m4 test that somehow fails for you and not for me. > So I belive my system does support preload, but ./configure in dante doesn't > think so. Yes.
(In reply to comment #8) > (In reply to comment #5) > > (In reply to comment #3) > > > It would be easy to test if your system supported preload after all: Edit the > > > installed socksify script (line 50) and see if it succeeds when NOPRELOAD="" is > > > set. > > > > > > Of course, I had already tested it in your way before I first reported this > > bug. > > And socksify worked fine. And I use tsocks for a long time, it works fine too. > > Right, so it's just the preload.m4 test that somehow fails for you and not for > me. > > > So I belive my system does support preload, but ./configure in dante doesn't > > think so. > > Yes. So I found there are two bugs why ./configure doesn't think my system supports preload. And I made a patch to correct it temporarily.
I agree with the ldconfig -p change, but I still wonder why your system should return '0' on the lari -V output. It should be 1 since "protected" isn't found in lari's output.
I'd be interested in seeing a complete build log as well since I can't reproduce the issue and the test for the Solaris lari tool outputs the same info for me.
Sorry for late reply, and sorry again, because I am in a business trip, so I have to provide what you need after I go back. Please wait for me, thank you :)
(In reply to comment #12) > Sorry for late reply, and sorry again, because I am in a business trip, so I > have to provide what you need after I go back. Please wait for me, thank you > :) Let us know when you return, maybe we should look into whether this lari part can be done using readelf instead.