On Wed, 19 Dec 2007, Michael Halcrow wrote:

-> > The test with one file on this machine was OK, but soon as I put it
-> > into real use on another machine and tried to do a mount, the mount
-> > fails on empty directories. It says something about not being able
-> > to resolve a full path, but there's nothing special about the
-> > directory /var/cache/ecryptfs/100. It's not NFS or any such thing,
-> > just a normal filesystem directory. This was reproduced with first
-> > my real key, then here, a testing key.
-> 
-> Strange. So if you execute just this as root, you get an error?
-> 
-> ---
-> #include <limits.h>
-> #include <stdlib.h>
-> #include <errno.h>
-> #include <stdio.h>
-> 
-> int main()
-> {
->      char *path;
-> 
->      path = realpath("/var/cache/ecryptfs/100", NULL);
->      if (path == NULL)
->              printf("errno = [%m]\n", errno);
-> }

This one had me confused. 

vdrl.ath.cx:

gcc -o test_path test_path.c && ./test_path                    
errno = [Invalid argument]


Filesystem         Mount               Megs     Used    Avail %Used fs Type   
/dev/hda1          /                36784.6  13783.8  21102.1  43%  ext2      
configfs           /config              0.0      0.0      0.0   0%  configfs  
devpts             /dev/pts             0.0      0.0      0.0   0%  devpts    
shm                /dev/shm           248.0      0.0    248.0   0%  tmpfs     
proc               /proc                0.0      0.0      0.0   0%  proc      
usbfs              /proc/bus/usb        0.0      0.0      0.0   0%  usbfs     
sysfs              /sys                 0.0      0.0      0.0   0%  sysfs     
securityfs         /sys/kernel/sec      0.0      0.0      0.0   0%  securityfs



atr2.ath.cx:

gcc -o test_path test_path.c && ./test_path
-8- [EMAIL PROTECTED] ~ #

Filesystem         Mount               Megs     Used    Avail %Used fs Type
/dev/hdc1          /                74839.1  10156.2  60881.2  19%  ext2
configfs           /config              0.0      0.0      0.0   0%  configfs
devpts             /dev/pts             0.0      0.0      0.0   0%  devpts
shm                /dev/shm            77.8      0.0     77.8   0%  tmpfs
/dev/hdd3          /home             2721.6     74.7   2508.6   8%  ext2
proc               /proc                0.0      0.0      0.0   0%  proc
usbfs              /proc/bus/usb        0.0      0.0      0.0   0%  usbfs
sysfs              /sys                 0.0      0.0      0.0   0%  sysfs
securityfs         /sys/kernel/sec      0.0      0.0      0.0   0%
securityfs
/dev/hdd2          /tmp               178.7     12.1    157.1  12%  ext2
/dev/hdd1          /var/tmp           134.1      0.0    126.9   5%  ext2


Two different results both on an ext2 filesystem, depending on 
the machine. It's not just that directory, but I tried the 
program on each directory all the way down to / and got the 
same result each time.

Worst of all, I get two different results on two machines that
are supposedly equal, only difference being one is a Pentium II
and the other's a Pentium 4. I couldn't see why this was, then
something made me think of ld.so.preload. The load on atr2 is
too high to use any extra time to run everything thru /lib/libsafe.so.2,
so on that machine there is no /etc/ld.so.preload, and hence no
/lib/libsafe.so.2. On vdrl, the load is lower and /lib/libsafe.so.2
was left in. Strangeness, I've never seen it affect anything before
in such a way:


[EMAIL PROTECTED] /tmp # whoami && uname -a && cat /etc/ld.so.preload && gcc -o 
test_path test_path.c && ./test_path
root
Linux vdrl 2.6.23.9 #1 Sat Dec 15 05:08:22 EST 2007 i686 GNU/Linux
/lib/libsafe.so.2
errno = [Invalid argument]

-27- [EMAIL PROTECTED] /tmp # mv /etc/ld.so.preload /var/tmp

`/etc/ld.so.preload' -> `/var/tmp/ld.so.preload'

[EMAIL PROTECTED] /tmp # ./test_path
-8- [EMAIL PROTECTED] /tmp #


----------------------------------------------------

[EMAIL PROTECTED] ~ # ls -la /lib/libsafe.so.2
lrwxrwxrwx 1 root root 17 2005-11-20 12:00 /lib/libsafe.so.2 -> 
libsafe.so.2.0.16*

[EMAIL PROTECTED] ~ # echo  /lib/libsafe.so.2 > /etc/ld.so.preload

[EMAIL PROTECTED] ~ # gcc -o test_path test_path.c && ./test_path
errno = [Invalid argument]

-27- [EMAIL PROTECTED] ~ # rm /etc/ld.so.preload

[EMAIL PROTECTED] ~ # ./test_path
-8- [EMAIL PROTECTED] ~ #

realpath is one of the functions watched by libsafe due to the possibility of 
overflowing the path buffer. Evidently it changes something, somewhere, yet no 
record is made in the syslog, as usually happens when libsafe makes an action.
As you can see from above, the file is dated in 2005. I checked from their 
website but I couldn't find anything about libsafe anymore. My guess is it's 
discontinued.


I guess the moral of the story is don't use /etc/ld.so.preload ;)

My fault, but at least now it's known, and on the mailing list too, if someone 
else should have a similar problem, to look at what's preloaded by the dynamic 
linker. At one time some distros used libsafe, but it's old(er) now and 
possibly discontinued. It did find some bugs in tcsh and others, but never to 
my knowlege stopped any real attacks (never had any of this type so far as I 
can tell). I can do without it, or use libssp from gcc for similar 
functionality, which is being maintained at the moment. Thanks for looking 
into this.




-------------------------------------------------------------------------
SF.Net email is sponsored by:
Check out the new SourceForge.net Marketplace.
It's the best place to buy or sell services
for just about anything Open Source.
http://ad.doubleclick.net/clk;164216239;13503038;w?http://sf.net/marketplace
_______________________________________________
eCryptfs-users mailing list
eCryptfs-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/ecryptfs-users

Reply via email to