Ubuntu
glibc package

ld.so.preload not multilib safe

Bug #33994 reported by John Moser
18
This bug affects 1 person
Affects Status Importance Assigned to Milestone
glibc (Ubuntu)
Confirmed
Medium
Unassigned

Bug Description

If you modify /etc/ld.so.preload you must use native libraries only or the system WILL break. This becomes a problem when trying to integrate LibSafe. Consider the following two scenarios:

IA-32:
 - Install 32-bit Ubuntu for IA-32
 - Install libsafe
 - Add /lib/libsafe.so to /etc/ld.so.preload
 - All executed programs are run with libsafe

x86-64:
 - Install 64-bit Ubuntu for x86-64
 - Install x86-64 libsafe
 - Install IA-32 libsafe
 - Add /lib/libsafe.so to /etc/ld.so.preload
 - Add /lib32/libsafe.so to /etc/ld.so.preload
 - 64-bit programs use /lib/libsafe.so
 - 32-bit programs use /lib32/libsafe.so
 - 64-bit SUID programs complain that /lib32/libsafe.so won't link in and REFUSE TO RUN. This totally breaks sudo and su.

In summary, using ld.so.preload on a multilib system will allow only ld.so.preload for whatever binary architecture the setuid programs are; and if not all SUID programs are in the same architecture (i.e. some are IA-32 and some are IA-64), then ld.so.preload cannot be used.

The solution is to patch libc6 to use /etc/ld.so.preload and /etc/ld.so.preload.BITLEVEL; this way, IA-32 libc6 can use /etc/ld.so.preload.32 and IA-64 can use /etc/ld.so.preload.64

This bug should be reported upstream as well.

Revision history for this message
Jeff Bailey (jbailey) wrote :

Thanks for this! I don't think this is an upstream bug, since they don't officially support multiple architectures without chroots. It becomes a distro problem at that point.

Tks,
Jeff Bailey

Changed in glibc:
assignee: nobody → jbailey
status: Unconfirmed → Confirmed
Jeff Bailey (jbailey)
Changed in glibc:
assignee: jbailey → nobody
Revision history for this message
Erik Andrén (erik-andren) wrote :

I'm currently bitten by this. Is there a solution in current (Hardy)?

Revision history for this message
Matthias Klose (doko) wrote :

is this still an issue with hardy and/or intrepid?

Changed in glibc:
status: Confirmed → Incomplete
Revision history for this message
Javier Jardón (jjardon) wrote :

We are closing this bug report because it lacks the information we need to investigate the problem, as described in the previous comments. Please reopen it if you can give us the missing information, and don't hesitate to submit bug reports in the future. To reopen the bug report you can click on the current status, under the Status column, and change the Status back to "New". Thanks again!

Changed in glibc:
status: Incomplete → Invalid
Oliver Kuster (olivervbk)
Changed in glibc (Ubuntu):
status: Invalid → Confirmed
status: Confirmed → New
Revision history for this message
Oliver Kuster (olivervbk) wrote :

I'm using 'snoopy logger' and came upon this problem with compatibilities.
http://sourceforge.net/projects/snoopylogger/

This library is preloaded (/etc/ld.so.preload ) and logs activity.

So, on a 64bit system, having the 32bit and 64bit version of library installed and included in the /etc/ld.so.preload file, when:
Running a 64bit app, complains that the 32bit library could not be loaded.
Running a 32bit app, complains that the 64bit library could no be loaded.

The same problem applies, that ld.so.preload does no differentiate between 64 and 32 bit libraries.

Tested on rhel5 and lucid.

Revision history for this message
Oliver Kuster (olivervbk) wrote :

The solution I found in rhel5 was to add a script to /etc/profiles.d/
with the content:

LD_PRELOAD_32=/lib/snoopy.so
readonly LD_PRELOAD
export LD_PRELOAD_64=/lib64/snoopy.so
readonly LD_PRELOAD_64

I did only test it in bash and only on rhel5 systems.

Stefan Feltmann (stefan-feltmann)
Changed in glibc (Ubuntu):
status: New → Confirmed
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.