Bug 729044
Summary: | Debuginfo package issues in krb5 | | |
---|---|---|---|
Product: | Red Hat Enterprise Linux 6 | Reporter: | Karel Klíč <kklic> |
Component: | krb5 | Assignee: | Nalin Dahyabhai <nalin> |
Status: | CLOSED ERRATA | QA Contact: | BaseOS QE Security Team <qe-baseos-security> |
Severity: | medium | Docs Contact: | |
Priority: | medium | | |
Version: | 6.1 | CC: | dpal, jplans, prc, rvokal |
Target Milestone: | rc | | |
Target Release: | --- | | |
Hardware: | All | | |
OS: | Linux | | |
Whiteboard: | | | |
Fixed In Version: | krb5-1.9-17.el6 | Doc Type: | Bug Fix |
Doc Text: | | Story Points: | --- |
Clone Of: | | Environment: | |
Last Closed: | 2011-12-06 17:37:06 UTC | Type: | --- |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | | Category: | --- |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: | | | |
Bug Depends On: | | | |
Bug Blocks: | 727919 | | |
Description
Karel Klíč
2011-08-08 15:20:56 UTC
(In reply to comment #0)
> Several problems related to debuginfo were found in the krb5-1.9-9.el6_1.1
> package. These issues might affect crash analysis done by Automatic Bug
> Reporting Tool and its retrace server, and also prevent proper debugging of
> crashes via GDB.
>
> Debuginfo missing for binaries
> ------------------------------
> A debuginfo file for a binary is not present in the debuginfo package. This
> might be caused by:
> - binary being compiled without debugging information
> - debugging information being removed from the binary by a build script
> - rpmbuild failing to extract debugging information from a binary in a
>   buildroot because of permissions (eg. suid binaries, binaries without
>   executable flag set)
>
> affected binary: /usr/bin/ksu
> affected package: krb5-workstation-1.9-9.el6_1.1.i686
> binary contains debug sections (debuginfo script failed to find/strip it)
> affected binary file mode: 104755
>
> This issue can be investigated by using eu-readelf tool from the elfutils
> package. Use `eu-readelf --notes /path/to/binary` to get build ID of a binary.
> Then check that the debuginfo package does not contain
> /usr/lib/debug/.build-id/<aa>/<bbbbbbbb>, where <aa> are the first two chars of
> the build ID, and <bbbbbbbb> is the rest of it. It should be a symlink pointing
> back to the binary.

What exactly are you asking me to do here? Make the binary not setuid?

Yes, a solution is to make the binary not setuid in the build root (in the build script or %compile section of the spec file), and set the setuid flag only in the %files section. This way the debug sections can be properly extracted into debuginfo package.

Thanks. That sounds like a workaround for a problem with how we're doing the buildroot policy, but it's doable.

Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA.

For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report.

http://rhn.redhat.com/errata/RHBA-2011-1707.html
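
The check outlined in the description, written out as a shell script. This is an added example, not part of the original bug report or of the krb5 packaging. The function names and the optional root prefix argument are hypothetical, and it assumes `eu-readelf` from elfutils and GNU `stat` are installed.

```shell
#!/bin/sh
# Added example: look for the build-ID symlink a debuginfo package should ship.

# Read `eu-readelf --notes` output on stdin and print the first build ID.
build_id_from_notes() {
    sed -n 's/^[[:space:]]*Build ID:[[:space:]]*\([0-9a-f][0-9a-f]*\).*$/\1/p' |
        head -n 1
}

# Map a build ID to /usr/lib/debug/.build-id/<aa>/<rest>.
debuginfo_link() {
    id=$1
    [ "${#id}" -gt 2 ] || return 1
    rest=${id#??}              # everything after the first two characters
    first=${id%"$rest"}        # the first two characters
    printf '/usr/lib/debug/.build-id/%s/%s\n' "$first" "$rest"
}

# True when an octal mode (4755, or 104755 as in the report) has setuid set.
is_setuid_mode() {
    [ $(( 0$1 & 04000 )) -ne 0 ]
}

# check_binary BINARY [ROOT]; ROOT is an assumed prefix where the debuginfo
# package was unpacked (empty means the live system).
check_binary() {
    bin=$1
    root=${2:-}
    id=$(eu-readelf --notes "$bin" 2>/dev/null | build_id_from_notes)
    if [ -z "$id" ]; then
        echo "$bin: no build ID note found"; return 2
    fi
    link=$root$(debuginfo_link "$id") || return 2
    if [ -L "$link" ]; then
        echo "$bin: OK, $link -> $(readlink "$link")"; return 0
    fi
    echo "$bin: build ID $id has no symlink at $link"
    mode=$(stat -c '%a' "$bin")
    if is_setuid_mode "$mode"; then
        echo "$bin: mode $mode is setuid (a cause listed in the report)"
    elif [ ! -x "$bin" ]; then
        echo "$bin: mode $mode lacks the executable flag (also listed)"
    fi
    return 1
}

if [ "$#" -gt 0 ]; then check_binary "$@"; fi
```

Run it as `sh check.sh /usr/bin/ksu` with the debuginfo package installed; exit status 1 means the symlink is missing.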