865749 – sys-apps/toybox-0.8.12 sandbox violation

Bug 865749 - sys-apps/toybox-0.8.12 sandbox violation

Summary: sys-apps/toybox-0.8.12 sandbox violation

Status:	CONFIRMED

Alias:	None

Product:	Gentoo Linux
Classification:	Unclassified
Component:	Current packages (show other bugs)
Hardware:	All Linux

Importance:	Normal normal
Assignee:	Patrick Lauer

URL:
Whiteboard:
Keywords:

Depends on:
Blocks:	CVE-2022-32298
	Show dependency tree

Reported:	2022-08-19 07:01 UTC by Agostino Sarubbo
Modified:	2025-01-25 16:17 UTC (History)
CC List:	2 users (show)

See Also:
Package list:
Runtime testing required:	---

Attachments
build.log (build.log,128.47 KB, text/plain) 2022-08-19 07:02 UTC, Agostino Sarubbo	Details
1-sandbox.log (1-sandbox.log,1.40 KB, text/plain) 2022-08-19 07:02 UTC, Agostino Sarubbo	Details
View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Agostino Sarubbo gentoo-dev

2022-08-19 07:01:58 UTC

https://blogs.gentoo.org/ago/2020/07/04/gentoo-tinderbox/

Issue: sys-apps/toybox-0.8.8 sandbox violation.
Discovered on: amd64 (internal ref: ci)

Comment 1 Agostino Sarubbo gentoo-dev

2022-08-19 07:02:00 UTC

Created attachment 800087 [details]
build.log

build log and emerge --info

Comment 2 Agostino Sarubbo gentoo-dev

2022-08-19 07:02:01 UTC

Created attachment 800089 [details]
1-sandbox.log

1-sandbox.log

Comment 3 Agostino Sarubbo gentoo-dev

2022-08-19 07:02:02 UTC

Error(s) that match a know pattern:


login.c:(.text+0x138): undefined reference to `crypt'
md5sum.c:(.text+0x100c): undefined reference to `sin'
mkpasswd.c:(.text+0x10d): undefined reference to `crypt'
passwd.c:(.text+0x26b): undefined reference to `crypt'
scripts/make.sh: line 88: /dev/stderr: Permission denied
su.c:(.text+0x107): undefined reference to `crypt'
/usr/lib/gcc/x86_64-pc-linux-gnu/12.1.1/../../../../x86_64-pc-linux-gnu/bin/ld: passwd.c:(.text+0x2ed): undefined reference to `crypt'
collect2: error: ld returned 1 exit status

Comment 4 Patrick Lauer gentoo-dev

2022-08-20 17:51:26 UTC

 * ACCESS DENIED:  open_wr:       /dev/stderr
scripts/make.sh: line 88: /dev/stderr: Permission denied

... why is /dev/stderr not available/accessible?

Comment 5 Ionen Wolkens gentoo-dev

2022-08-20 18:26:41 UTC

I can reproduce with FEATURES=pid-sandbox (/dev/stderr -> /proc/self/fd/2's self likely related) and not with -pid-sandbox -- but seems not everyone is getting the same results, unsure what's up with this exactly.

meh workarounds that work for me would be to either remove V=1 (makes it use /dev/null instead), or patch/sed -i 's/&>$X/>\&2/' scripts/make.sh

on a side-note there's also:
 * QA Notice: Files built without respecting LDFLAGS have been detected
 *  Please include the following list of files in your report:
 * /usr/bin/toybox
 * QA Notice: Pre-stripped files found:
 * /usr/bin/toybox

Comment 6 Ionen Wolkens gentoo-dev

2022-08-20 18:31:09 UTC

(In reply to Ionen Wolkens from comment #5)
> on a side-note there's also:
>  * QA Notice: Files built without respecting LDFLAGS have been detected
>  *  Please include the following list of files in your report:
>  * /usr/bin/toybox
>  * QA Notice: Pre-stripped files found:
>  * /usr/bin/toybox
Well, LDFLAGS is fine, it's caused by the stripping, could:

dobin generated/unstripped/toybox

Comment 7 Agostino Sarubbo gentoo-dev

2023-02-08 08:13:19 UTC

ci has reproduced this issue with version 0.8.9 - Updating summary.

Comment 8 Agostino Sarubbo gentoo-dev

2025-01-25 16:17:14 UTC

ci has reproduced this issue with version 0.8.12 - Updating summary.