Public bug reported:
Hello,
I noticed that ldd gives wrong results when run
a) with the LD_LIBRARY_PATH environment variable set to some folder and
b) on a binary that will be launched in "secure execution mode" by ld.so (see
"man ld.so").
Steps to reproduce:
1. Create a file hello_world.c:
#include <stdio.h>
int main() {
puts("Hello, World!");
puts("Press enter to quit");
scanf("%*c");
}
2. Compile:
$ gcc -o hello_world hello_world.c
3. Attach a capability to the compiled binary, in order to trigger secure
execution mode:
$ sudo setcap CAP_NET_BIND_SERVICE=ep hello_world
4. Make the system's libc available somewhere else:
$ cp /lib/x86_64-linux-gnu/libc.so.6 .
In this setup, when you run LD_LIBRARY_PATH=. ldd hello_world, then ldd will
report that the binary will use the libc in the local folder.
Actual output:
$ LD_LIBRARY_PATH=. ldd hello_world
linux-vdso.so.1 => (0x00007ffdbb76a000)
libc.so.6 => ./libc.so.6 (0x00007f68a182a000)
/lib64/ld-linux-x86-64.so.2 (0x00005651d2ef7000)
However, when you actually run the binary with
$ LD_LIBRARY_PATH=. ./hello_world
then the binary will use the standard library search path and _not_ use
./libc.so.6 .
You can see this by starting the binary in one terminal, and running the
following command in another terminal while the binary is still running:
$ sudo cat /proc/$(pidof hello_world)/maps
This gives me an output like:
[...]
7f76193d5000-7f7619595000 r-xp 00000000 fc:00 2494866
/lib/x86_64-linux-gnu/libc-2.23.so
7f7619595000-7f7619795000 ---p 001c0000 fc:00 2494866
/lib/x86_64-linux-gnu/libc-2.23.so
7f7619795000-7f7619799000 r--p 001c0000 fc:00 2494866
/lib/x86_64-linux-gnu/libc-2.23.so
7f7619799000-7f761979b000 rw-p 001c4000 fc:00 2494866
/lib/x86_64-linux-gnu/libc-2.23.so
[...]
I believe that this is due to the secure execution mode mentioned in the
ld.so man page, so this probably also affects set-uid binaries and
possibly some other environment variables that control the linker
behaviour.
I'm using Ubuntu 16.04.2 (LTS). ldd is on version "ldd (Ubuntu GLIBC
2.23-0ubuntu9) 2.23". The libc-bin package (containing ldd) has version
"2.23-0ubuntu9".
Best regards!
** Affects: ubuntu
Importance: Undecided
Status: New
** Tags: bot-comment
** Attachment added: "the hello_world.c file and a Makefile"
https://bugs.launchpad.net/bugs/1700272/+attachment/4902313/+files/demo.zip
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1700272
Title:
ldd secure execution mode
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+bug/1700272/+subscriptions
--
ubuntu-bugs mailing list
[email protected]
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
