Hide Forgot
/usr/lib64/libnss_sss.so.2 in sssd-1.14.0-43.el7.x86_64 is linked against libpthread. This causes problems when static binaries attempt to use NSS-based functions: https://sourceware.org/bugzilla/show_bug.cgi?id=20500 It also increases the risk for symbol collisions with the application binary. What libpthread functionality do you *really* need which is not in libc.so.6?
Upstream ticket: https://fedorahosted.org/sssd/ticket/3156
master: d2f93542650c2f9613043acfa8e2f368972a70cd
To reproduce, compile a program that resolves a user from SSSD, for example: ---------- #include <unistd.h> #include <stdlib.h> #include <stdio.h> #include <sys/types.h> #include <pwd.h> int main() { struct passwd *p; if((p = getpwnam("admin")) != NULL) printf("%s\n", p->pw_name); } ---------- compile the program with -static and then try to run it. With the NSS module that still links against -lphread, the program might crash when loading the lpthread library. Since the library wouldn't be linked with nss_sss at all if the patch is present, no such error should be present with the fixed packages. An important part of testing is regression testing, especially multi-threaded programs.
(In reply to Jakub Hrozek from comment #4) > To reproduce, compile a program that resolves a user from SSSD, for example: > ---------- > #include <unistd.h> > #include <stdlib.h> > #include <stdio.h> > #include <sys/types.h> > #include <pwd.h> > > int > main() > { > struct passwd *p; > > if((p = getpwnam("admin")) != NULL) > printf("%s\n", p->pw_name); > } > ---------- > > compile the program with -static and then try to run it. With the NSS module > that still links against -lphread, the program might crash when loading the > lpthread library. Since the library wouldn't be linked with nss_sss at all > if the patch is present, no such error should be present with the fixed > packages. > > An important part of testing is regression testing, especially > multi-threaded programs. IMHO, there is a much simpler test: ldd /lib64/libnss_sss.so.2 | grep libpthread.so
Versions ========= [root@idm1 yum.repos.d]# rpm -q sssd sssd-1.15.2-29.el7.x86_64 verify libnss_sss.so is linked with libthread. [root@idm1 yum.repos.d]# ldd /lib64/libnss_sss.so.2 | grep libpthread.so [root@idm1 yum.repos.d]# ldd /lib64/libnss_sss.so.2 linux-vdso.so.1 => (0x00007ffd20d49000) libdl.so.2 => /lib64/libdl.so.2 (0x00007f77250f6000) libc.so.6 => /lib64/libc.so.6 (0x00007f7724d33000) /lib64/ld-linux-x86-64.so.2 (0x00007f7725511000)
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHEA-2017:2294