Ubuntu
glibc package

ldd secure execution mode

Bug #1700272 reported by G H
10
This bug affects 2 people
Affects Status Importance Assigned to Milestone
glibc (Ubuntu)
Confirmed
Undecided
Unassigned

Bug Description

Hello,

I noticed that ldd gives wrong results when run
a) with the LD_LIBRARY_PATH environment variable set to some folder and
b) on a binary that will be launched in "secure execution mode" by ld.so (see "man ld.so").

Steps to reproduce:
1. Create a file hello_world.c:
#include <stdio.h>
int main() {
 puts("Hello, World!");
 puts("Press enter to quit");
 scanf("%*c");
}
2. Compile:
$ gcc -o hello_world hello_world.c
3. Attach a capability to the compiled binary, in order to trigger secure execution mode:
$ sudo setcap CAP_NET_BIND_SERVICE=ep hello_world
4. Make the system's libc available somewhere else:
$ cp /lib/x86_64-linux-gnu/libc.so.6 .

In this setup, when you run LD_LIBRARY_PATH=. ldd hello_world, then ldd will report that the binary will use the libc in the local folder.
Actual output:
$ LD_LIBRARY_PATH=. ldd hello_world
 linux-vdso.so.1 => (0x00007ffdbb76a000)
 libc.so.6 => ./libc.so.6 (0x00007f68a182a000)
 /lib64/ld-linux-x86-64.so.2 (0x00005651d2ef7000)

However, when you actually run the binary with
$ LD_LIBRARY_PATH=. ./hello_world
then the binary will use the standard library search path and _not_ use ./libc.so.6 .
You can see this by starting the binary in one terminal, and running the following command in another terminal while the binary is still running:
$ sudo cat /proc/$(pidof hello_world)/maps

This gives me an output like:
[...]
7f76193d5000-7f7619595000 r-xp 00000000 fc:00 2494866 /lib/x86_64-linux-gnu/libc-2.23.so
7f7619595000-7f7619795000 ---p 001c0000 fc:00 2494866 /lib/x86_64-linux-gnu/libc-2.23.so
7f7619795000-7f7619799000 r--p 001c0000 fc:00 2494866 /lib/x86_64-linux-gnu/libc-2.23.so
7f7619799000-7f761979b000 rw-p 001c4000 fc:00 2494866 /lib/x86_64-linux-gnu/libc-2.23.so
[...]

I believe that this is due to the secure execution mode mentioned in the ld.so man page, so this probably also affects set-uid binaries and possibly some other environment variables that control the linker behaviour.

I'm using Ubuntu 16.04.2 (LTS). ldd is on version "ldd (Ubuntu GLIBC 2.23-0ubuntu9) 2.23". The libc-bin package (containing ldd) has version "2.23-0ubuntu9".

Best regards!

Tags: bot-comment
Revision history for this message
G H (gunniboyh) wrote :
Revision history for this message
Ubuntu Foundations Team Bug Bot (crichton) wrote :

Thank you for taking the time to report this bug and helping to make Ubuntu better. It seems that your bug report is not filed about a specific source package though, rather it is just filed against Ubuntu in general. It is important that bug reports be filed about source packages so that people interested in the package can find the bugs about it. You can find some hints about determining what package your bug might be about at https://wiki.ubuntu.com/Bugs/FindRightPackage. You might also ask for help in the #ubuntu-bugs irc channel on Freenode.

To change the source package that this bug is filed about visit https://bugs.launchpad.net/ubuntu/+bug/1700272/+editstatus and add the package name in the text box next to the word Package.

[This is an automated message. I apologize if it reached you inappropriately; please just reply to this message indicating so.]

tags: added: bot-comment
Paul White (paulw2u)
affects: ubuntu → glibc (Ubuntu)
Revision history for this message
Carlo Lobrano (c-lobrano) wrote :

Confirmed also in Ubuntu 17.04 with libc-bin 2.24-9ubuntu2

Revision history for this message
Launchpad Janitor (janitor) wrote :

Status changed to 'Confirmed' because the bug affects multiple users.

Changed in glibc (Ubuntu):
status: New → Confirmed
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.