Bug 729044

Summary: Debuginfo package issues in krb5
Product: Red Hat Enterprise Linux 6
Reporter: Karel Klíč <kklic>
Component: krb5
Assignee: Nalin Dahyabhai <nalin>
Status: CLOSED ERRATA
QA Contact: BaseOS QE Security Team <qe-baseos-security>
Severity: medium
Priority: medium
Version: 6.1
CC: dpal, jplans, prc, rvokal
Target Milestone: rc
Hardware: All
OS: Linux
Fixed In Version: krb5-1.9-17.el6
Doc Type: Bug Fix
Last Closed: 2011-12-06 17:37:06 UTC
Bug Blocks: 727919

Description Karel Klíč 2011-08-08 15:20:56 UTC
Several problems related to debuginfo were found in the krb5-1.9-9.el6_1.1 package. These issues might affect crash analysis done by Automatic Bug Reporting Tool and its retrace server, and also prevent proper debugging of crashes via GDB.

Debuginfo missing for binaries
------------------------------
A debuginfo file for a binary is not present in the debuginfo package. This might be caused by:
 - binary being compiled without debugging information
 - debugging information being removed from the binary by a build script
 - rpmbuild failing to extract debugging information from a binary in a buildroot because of permissions (e.g. suid binaries, binaries without executable flag set)

affected binary: /usr/bin/ksu
affected package: krb5-workstation-1.9-9.el6_1.1.i686
binary contains debug sections (debuginfo script failed to find/strip it)
affected binary file mode: 104755

This issue can be investigated by using the eu-readelf tool from the elfutils package. Use `eu-readelf --notes /path/to/binary` to get the build ID of a binary. Then check that the debuginfo package does not contain /usr/lib/debug/.build-id/<aa>/<bbbbbbbb>, where <aa> are the first two chars of the build ID, and <bbbbbbbb> is the rest of it. It should be a symlink pointing back to the binary.

Source file missing in debuginfo package
----------------------------------------
Multiple source files that were used by the compiler to generate a binary are missing from the debuginfo package. This is usually caused by the build script creating temporary source files during the build and deleting them after usage, or by moving source files between directories. Missing source files in debuginfo packages make debugging of crashes more difficult.

debuginfo package: krb5-debuginfo-1.9-9.el6_1.1.i686
  debuginfo file: /usr/lib/debug/usr/sbin/kdb5_ldap_util.debug
    missing source: /usr/src/debug/krb5-1.9/src/plugins/kdb/ldap/ldap_util/y.tab.c
  debuginfo file: /usr/lib/debug/usr/bin/kadmin.debug
    missing source: /usr/src/debug/krb5-1.9/src/kadmin/cli/y.tab.c
  debuginfo file: /usr/lib/debug/usr/sbin/kadmin.local.debug
    missing source: /usr/src/debug/krb5-1.9/src/kadmin/cli/y.tab.c
  debuginfo file: /usr/lib/debug/usr/sbin/kdb5_util.debug
    missing source: /usr/src/debug/krb5-1.9/src/kadmin/cli/y.tab.c

Please consider changing the package build script (if that is the cause of this issue) to keep the source files in the place where they were compiled, so rpmbuild can find them when generating the debuginfo package.

(This bug was detected and filed by a script.)

Comment 2 Nalin Dahyabhai 2011-08-08 15:37:49 UTC
(In reply to comment #0)
> Several problems related to debuginfo were found in the krb5-1.9-9.el6_1.1
> package. These issues might affect crash analysis done by Automatic Bug
> Reporting Tool and its retrace server, and also prevent proper debugging of
> crashes via GDB.
> 
> Debuginfo missing for binaries
> ------------------------------
> A debuginfo file for a binary is not present in the debuginfo package. This
> might be caused by:
>  - binary being compiled without debugging information
>  - debugging information being removed from the binary by a build script
>  - rpmbuild failing to extract debugging information from a binary in a
> buildroot because of permissions (e.g. suid binaries, binaries without
> executable flag set)
> 
> affected binary: /usr/bin/ksu
> affected package: krb5-workstation-1.9-9.el6_1.1.i686
> binary contains debug sections (debuginfo script failed to find/strip it)
> affected binary file mode: 104755
> 
> This issue can be investigated by using the eu-readelf tool from the elfutils
> package. Use `eu-readelf --notes /path/to/binary` to get the build ID of a binary.
> Then check that the debuginfo package does not contain
> /usr/lib/debug/.build-id/<aa>/<bbbbbbbb>, where <aa> are the first two chars of
> the build ID, and <bbbbbbbb> is the rest of it. It should be a symlink pointing
> back to the binary.

What exactly are you asking me to do here?  Make the binary not setuid?

Comment 3 Karel Klíč 2011-08-08 15:59:45 UTC
Yes, a solution is to make the binary not setuid in the build root (in the build script or %compile section of the spec file), and set the setuid flag only in the %files section. This way the debug sections can be properly extracted into the debuginfo package.

Thanks.

Comment 4 Nalin Dahyabhai 2011-08-08 21:48:26 UTC
That sounds like a workaround for a problem with how we're doing the buildroot policy, but it's doable.

Comment 10 errata-xmlrpc 2011-12-06 17:37:06 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

http://rhn.redhat.com/errata/RHBA-2011-1707.html