Bug 1906575 - glibc: CI container infrastructure reliability and /usr/bin/ldd
Summary: glibc: CI container infrastructure reliability and /usr/bin/ldd
Keywords:
Status: CLOSED DUPLICATE of bug 1900021
Alias: None
Product: Fedora
Classification: Fedora
Component: glibc
Version: rawhide
Hardware: Unspecified
OS: Unspecified
Target Milestone: ---
Assignee: Carlos O'Donell
QA Contact: Fedora Extras Quality Assurance
URL:
Whiteboard:
Depends On:
Blocks:
Reported: 2020-12-10 19:49 UTC by Bastien Nocera
Modified: 2020-12-15 14:28 UTC (History)

Fixed In Version:
Doc Text:
Clone Of:
Environment:
Last Closed: 2020-12-15 14:28:12 UTC
Type: Bug
Embargoed:


Attachments (Terms of Use)
0001-ldd-Don-t-use-test-to-check-for-file-accessibility.patch (1.96 KB, patch)
2020-12-11 12:37 UTC, Bastien Nocera

Description Bastien Nocera 2020-12-10 19:49:12 UTC
glibc-2.32.9000-19.fc34.x86_64
bash-5.0.17-3.fc34.x86_64

On some CI containers, ldd exits early thinking that the binary just created to use for gobject-introspection isn't readable, or executable.

Here's the end of the compilation:

[22/64] Compiling C object lib/libgnome-bluetooth.so.13.0.2.p/pin.c.o
[23/64] Linking target lib/libgnome-bluetooth.so.13.0.2
[24/64] Generating GnomeBluetooth-1.0.gir with a custom command
FAILED: lib/GnomeBluetooth-1.0.gir 
HAVE_CONFIG_H -DBONOBO_DISABLE_DEPRECATED -DBONOBO_DISABLE_SINGLE_INCLUDES -DBONOBO_UI_DISABLE_DEPRECATED -DBONOBO_UI_DISABLE_SINGLE_INCLUDES -DGCONF_DISABLE_DEPRECATED -DGCONF_DISABLE_SINGLE_INCLUDES -DGNOME_DISABLE_DEPRECATED -DGNOME_DISABLE_SINGLE_INCLUDES -DGNOME_VFS_DISABLE_DEPRECATED -DGNOME_VFS_DISABLE_SINGLE_INCLUDES -DLIBGLADE_DISABLE_DEPRECATED -DLIBGLADE_DISABLE_SINGLE_INCLUDES -DLIBSOUP_DISABLE_DEPRECATED -DLIBSOUP_DISABLE_SINGLE_INCLUDES -DWNCK_DISABLE_DEPRECATED -DWNCK_DISABLE_SINGLE_INCLUDES -Werror=format=2 -Werror=implicit-function-declaration -Werror=init-self -Werror=missing-prototypes -Werror=missing-include-dirs -Werror=pointer-arith -Werror=return-type -Wnested-externs -Wstrict-prototypes -I./. -I../. -I/usr/include/glib-2.0 -I/usr/lib64/glib-2.0/include -I/usr/include/libmount -I/usr/include/blkid -I/usr/include/gtk-3.0 -I/usr/include/pango-1.0 -I/usr/include/harfbuzz -I/usr/include/freetype2 -I/usr/include/libpng16 -I/usr/include/fribidi -I/usr/include/libxml2 -I/usr/include/cairo -I/usr/include/pixman-1 -I/usr/include/gdk-pixbuf-2.0 -I/usr/include/gio-unix-2.0 -I/usr/include/atk-1.0 -I/usr/include/at-spi2-atk/2.0 -I/usr/include/dbus-1.0 -I/usr/lib64/dbus-1.0/include -I/usr/include/at-spi-2.0 -D_REENTRANT -I/usr/include/gobject-introspection-1.0 --cflags-end --add-include-path=/usr/share/gir-1.0 --library gnome-bluetooth -L/builds/GNOME/gnome-bluetooth/_build/lib --extra-library=gio-2.0 --extra-library=gobject-2.0 --extra-library=glib-2.0 --extra-library=gtk-3 --extra-library=gdk-3 --extra-library=pangocairo-1.0 --extra-library=pango-1.0 --extra-library=harfbuzz --extra-library=atk-1.0 --extra-library=cairo-gobject --extra-library=cairo --extra-library=gdk_pixbuf-2.0 --extra-library=canberra-gtk3 --extra-library=X11 --extra-library=canberra --extra-library=notify --extra-library=udev --extra-library=m --extra-library=girepository-1.0 --sources-top-dirs /builds/GNOME/gnome-bluetooth/subprojects/ --sources-top-dirs 
/builds/GNOME/gnome-bluetooth/_build/subprojects/
g-ir-scanner: link: gcc -pthread -o /builds/GNOME/gnome-bluetooth/_build/tmp-introspectn1ft4pt8/GnomeBluetooth-1.0 /builds/GNOME/gnome-bluetooth/_build/tmp-introspectn1ft4pt8/GnomeBluetooth-1.0.o -L. -Wl,-rpath,. -Wl,--no-as-needed -L/builds/GNOME/gnome-bluetooth/_build/lib -Wl,-rpath,/builds/GNOME/gnome-bluetooth/_build/lib -lgnome-bluetooth -lgio-2.0 -lgobject-2.0 -lglib-2.0 -lgtk-3 -lgdk-3 -lpangocairo-1.0 -lpango-1.0 -lharfbuzz -latk-1.0 -lcairo-gobject -lcairo -lgdk_pixbuf-2.0 -lcanberra-gtk3 -lX11 -lcanberra -lnotify -ludev -lm -lgirepository-1.0 -lgio-2.0 -lgobject-2.0 -Wl,--export-dynamic -lgmodule-2.0 -pthread -lglib-2.0 -lglib-2.0
ldd: error: you do not have read permission for `/builds/GNOME/gnome-bluetooth/_build/tmp-introspectn1ft4pt8/GnomeBluetooth-1.0'
Caught exception: <class 'subprocess.CalledProcessError'> CalledProcessError(1, ['ldd', '/builds/GNOME/gnome-bluetooth/_build/tmp-introspectn1ft4pt8/GnomeBluetooth-1.0'])
> /usr/lib64/python3.9/subprocess.py(524)run()
-> raise CalledProcessError(retcode, process.args,
(Pdb) 
ninja: build stopped: subcommand failed.
-rwxr-xr-x. 1 root root system_u:object_r:unlabeled_t:s0 36912 Dec 10 19:28 /builds/GNOME/gnome-bluetooth/_build/tmp-introspectn1ft4pt8/GnomeBluetooth-1.0

The binary is readable:

$ file /builds/GNOME/gnome-bluetooth/_build/tmp-*/GnomeBluetooth-1.0
/builds/GNOME/gnome-bluetooth/_build/tmp-introspectn1ft4pt8/GnomeBluetooth-1.0: ELF 64-bit LSB executable, x86-64, version 1 (SYSV), dynamically linked, interpreter /lib64/ld-linux-x86-64.so.2, BuildID[sha1]=30b5f38c9b3229e913c79b8baea84c541ddb6255, for GNU/Linux 3.2.0, not stripped

But bash thinks it's not readable:

$ bash -x ldd /builds/GNOME/gnome-bluetooth/_build/tmp-*/GnomeBluetooth-1.0 || echo bash failed
+ TEXTDOMAIN=libc
+ TEXTDOMAINDIR=/usr/share/locale
+ RTLDLIST='/lib/ld-linux.so.2 /lib64/ld-linux-x86-64.so.2 /libx32/ld-linux-x32.so.2'
+ warn=
+ bind_now=
+ verbose=
+ test 1 -gt 0
+ case "$1" in
+ break
+ add_env='LD_TRACE_LOADED_OBJECTS=1 LD_WARN= LD_BIND_NOW='
+ add_env='LD_TRACE_LOADED_OBJECTS=1 LD_WARN= LD_BIND_NOW= LD_LIBRARY_VERSION=$verify_out'
+ add_env='LD_TRACE_LOADED_OBJECTS=1 LD_WARN= LD_BIND_NOW= LD_LIBRARY_VERSION=$verify_out LD_VERBOSE='
+ test '' = yes
+ case $# in
+ single_file=t
+ result=0
+ for file in "$@"
+ test t = t
+ case $file in
+ :
+ test '!' -e /builds/GNOME/gnome-bluetooth/_build/tmp-introspectn1ft4pt8/GnomeBluetooth-1.0
+ test '!' -f /builds/GNOME/gnome-bluetooth/_build/tmp-introspectn1ft4pt8/GnomeBluetooth-1.0
+ test -r /builds/GNOME/gnome-bluetooth/_build/tmp-introspectn1ft4pt8/GnomeBluetooth-1.0
+ echo ldd: 'error: you do not have read permission for' '`/builds/GNOME/gnome-bluetooth/_build/tmp-introspectn1ft4pt8/GnomeBluetooth-1.0'\'''
ldd: error: you do not have read permission for `/builds/GNOME/gnome-bluetooth/_build/tmp-introspectn1ft4pt8/GnomeBluetooth-1.0'
+ result=1
+ exit 1
bash failed
$ sh -x -x ldd /builds/GNOME/gnome-bluetooth/_build/tmp-*/GnomeBluetooth-1.0 || echo sh failed
+ TEXTDOMAIN=libc
+ TEXTDOMAINDIR=/usr/share/locale
+ RTLDLIST='/lib/ld-linux.so.2 /lib64/ld-linux-x86-64.so.2 /libx32/ld-linux-x32.so.2'
+ warn=
+ bind_now=
+ verbose=
+ test 1 -gt 0
+ case "$1" in
+ break
+ add_env='LD_TRACE_LOADED_OBJECTS=1 LD_WARN= LD_BIND_NOW='
+ add_env='LD_TRACE_LOADED_OBJECTS=1 LD_WARN= LD_BIND_NOW= LD_LIBRARY_VERSION=$verify_out'
+ add_env='LD_TRACE_LOADED_OBJECTS=1 LD_WARN= LD_BIND_NOW= LD_LIBRARY_VERSION=$verify_out LD_VERBOSE='
+ test '' = yes
+ case $# in
+ single_file=t
+ result=0
+ for file in "$@"
+ test t = t
+ case $file in
+ :
+ test '!' -e /builds/GNOME/gnome-bluetooth/_build/tmp-introspectn1ft4pt8/GnomeBluetooth-1.0
+ test '!' -f /builds/GNOME/gnome-bluetooth/_build/tmp-introspectn1ft4pt8/GnomeBluetooth-1.0
+ test -r /builds/GNOME/gnome-bluetooth/_build/tmp-introspectn1ft4pt8/GnomeBluetooth-1.0
+ echo ldd: 'error: you do not have read permission for' '`/builds/GNOME/gnome-bluetooth/_build/tmp-introspectn1ft4pt8/GnomeBluetooth-1.0'\'''
ldd: error: you do not have read permission for `/builds/GNOME/gnome-bluetooth/_build/tmp-introspectn1ft4pt8/GnomeBluetooth-1.0'
+ result=1
+ exit 1
sh failed

Neutering those file tests works:
$ sed -i 's/test -r/test -f/g' /bin/ldd
$ sed -i 's/test -x/test -f/g' /bin/ldd
$ sh -x ldd /builds/GNOME/gnome-bluetooth/_build/tmp-*/GnomeBluetooth-1.0 || echo fixed sh failed
+ TEXTDOMAIN=libc
+ TEXTDOMAINDIR=/usr/share/locale
+ RTLDLIST='/lib/ld-linux.so.2 /lib64/ld-linux-x86-64.so.2 /libx32/ld-linux-x32.so.2'
+ warn=
+ bind_now=
+ verbose=
+ test 1 -gt 0
+ case "$1" in
+ break
+ add_env='LD_TRACE_LOADED_OBJECTS=1 LD_WARN= LD_BIND_NOW='
+ add_env='LD_TRACE_LOADED_OBJECTS=1 LD_WARN= LD_BIND_NOW= LD_LIBRARY_VERSION=$verify_out'
+ add_env='LD_TRACE_LOADED_OBJECTS=1 LD_WARN= LD_BIND_NOW= LD_LIBRARY_VERSION=$verify_out LD_VERBOSE='
+ test '' = yes
+ case $# in
+ single_file=t
+ result=0
+ for file in "$@"
+ test t = t
+ case $file in
+ :
+ test '!' -e /builds/GNOME/gnome-bluetooth/_build/tmp-introspectn1ft4pt8/GnomeBluetooth-1.0
+ test '!' -f /builds/GNOME/gnome-bluetooth/_build/tmp-introspectn1ft4pt8/GnomeBluetooth-1.0
+ test -f /builds/GNOME/gnome-bluetooth/_build/tmp-introspectn1ft4pt8/GnomeBluetooth-1.0
+ test -f /builds/GNOME/gnome-bluetooth/_build/tmp-introspectn1ft4pt8/GnomeBluetooth-1.0
+ RTLD=
+ ret=1
+ for rtld in ${RTLDLIST}
+ test -f /lib/ld-linux.so.2
+ for rtld in ${RTLDLIST}
+ test -f /lib64/ld-linux-x86-64.so.2
++ /lib64/ld-linux-x86-64.so.2 --verify /builds/GNOME/gnome-bluetooth/_build/tmp-introspectn1ft4pt8/GnomeBluetooth-1.0
+ verify_out=
+ ret=0
+ case $ret in
+ RTLD=/lib64/ld-linux-x86-64.so.2
+ break
+ case $ret in
+ try_trace /lib64/ld-linux-x86-64.so.2 /builds/GNOME/gnome-bluetooth/_build/tmp-introspectn1ft4pt8/GnomeBluetooth-1.0
++ eval LD_TRACE_LOADED_OBJECTS=1 LD_WARN= LD_BIND_NOW= 'LD_LIBRARY_VERSION=$verify_out' LD_VERBOSE= '"$@"'
++ rc=0
++ printf x
++ exit 0
+ output='+++ LD_TRACE_LOADED_OBJECTS=1
+++ LD_WARN=
+++ LD_BIND_NOW=
+++ LD_LIBRARY_VERSION=
+++ LD_VERBOSE=
+++ /lib64/ld-linux-x86-64.so.2 /builds/GNOME/gnome-bluetooth/_build/tmp-introspectn1ft4pt8/GnomeBluetooth-1.0
	linux-vdso.so.1 (0x00007ffc0bfb8000)
	libgnome-bluetooth.so.13 => /builds/GNOME/gnome-bluetooth/_build/lib/libgnome-bluetooth.so.13 (0x00007fd456144000)
	libgio-2.0.so.0 => /lib64/libgio-2.0.so.0 (0x00007fd455f6f000)
	libgobject-2.0.so.0 => /lib64/libgobject-2.0.so.0 (0x00007fd455f15000)
	libglib-2.0.so.0 => /lib64/libglib-2.0.so.0 (0x00007fd455de3000)
	libgtk-3.so.0 => /lib64/libgtk-3.so.0 (0x00007fd45562e000)
	libgdk-3.so.0 => /lib64/libgdk-3.so.0 (0x00007fd45552a000)
	libpangocairo-1.0.so.0 => /lib64/libpangocairo-1.0.so.0 (0x00007fd455516000)
	libpango-1.0.so.0 => /lib64/libpango-1.0.so.0 (0x00007fd4554c4000)
	libharfbuzz.so.0 => /lib64/libharfbuzz.so.0 (0x00007fd4553f6000)
	libatk-1.0.so.0 => /lib64/libatk-1.0.so.0 (0x00007fd4553cd000)
	libcairo-gobject.so.2 => /lib64/libcairo-gobject.so.2 (0x00007fd4553c1000)
	libcairo.so.2 => /lib64/libcairo.so.2 (0x00007fd4552a6000)
	libgdk_pixbuf-2.0.so.0 => /lib64/libgdk_pixbuf-2.0.so.0 (0x00007fd455279000)
	libcanberra-gtk3.so.0 => /lib64/libcanberra-gtk3.so.0 (0x00007fd455272000)
	libX11.so.6 => /lib64/libX11.so.6 (0x00007fd45512b000)
	libcanberra.so.0 => /lib64/libcanberra.so.0 (0x00007fd455118000)
	libnotify.so.4 => /lib64/libnotify.so.4 (0x00007fd45510d000)
	libudev.so.1 => /lib64/libudev.so.1 (0x00007fd4550e1000)
	libm.so.6 => /lib64/libm.so.6 (0x00007fd454f9a000)
	libgirepository-1.0.so.1 => /lib64/libgirepository-1.0.so.1 (0x00007fd454f76000)
	libgmodule-2.0.so.0 => /lib64/libgmodule-2.0.so.0 (0x00007fd454f70000)
	libpthread.so.0 => /lib64/libpthread.so.0 (0x00007fd454f4f000)
	libc.so.6 => /lib64/libc.so.6 (0x00007fd454d7f000)
	libz.so.1 => /lib64/libz.so.1 (0x00007fd454d65000)
	libmount.so.1 => /lib64/libmount.so.1 (0x00007fd454d20000)
	libselinux.so.1 => /lib64/libselinux.so.1 (0x00007fd454cf4000)
	libresolv.so.2 => /lib64/libresolv.so.2 (0x00007fd454cda000)
	libffi.so.6 => /lib64/libffi.so.6 (0x00007fd454ccf000)
	libpcre.so.1 => /lib64/libpcre.so.1 (0x00007fd454c56000)
	libXinerama.so.1 => /lib64/libXinerama.so.1 (0x00007fd454c51000)
	libXrandr.so.2 => /lib64/libXrandr.so.2 (0x00007fd454c42000)
	libXcursor.so.1 => /lib64/libXcursor.so.1 (0x00007fd454c35000)
	libXext.so.6 => /lib64/libXext.so.6 (0x00007fd454c20000)
	librt.so.1 => /lib64/librt.so.1 (0x00007fd454c15000)
	libXi.so.6 => /lib64/libXi.so.6 (0x00007fd454c03000)
	libXcomposite.so.1 => /lib64/libXcomposite.so.1 (0x00007fd454bfe000)
	libXdamage.so.1 => /lib64/libXdamage.so.1 (0x00007fd454bf7000)
	libXfixes.so.3 => /lib64/libXfixes.so.3 (0x00007fd454bee000)
	libatk-bridge-2.0.so.0 => /lib64/libatk-bridge-2.0.so.0 (0x00007fd454bb7000)
	libxkbcommon.so.0 => /lib64/libxkbcommon.so.0 (0x00007fd454b72000)
	libwayland-cursor.so.0 => /lib64/libwayland-cursor.so.0 (0x00007fd454b68000)
	libwayland-egl.so.1 => /lib64/libwayland-egl.so.1 (0x00007fd454b63000)
	libwayland-client.so.0 => /lib64/libwayland-client.so.0 (0x00007fd454b51000)
	libepoxy.so.0 => /lib64/libepoxy.so.0 (0x00007fd454a1c000)
	libfribidi.so.0 => /lib64/libfribidi.so.0 (0x00007fd4549fe000)
	libpangoft2-1.0.so.0 => /lib64/libpangoft2-1.0.so.0 (0x00007fd4549e4000)
	libfontconfig.so.1 => /lib64/libfontconfig.so.1 (0x00007fd454995000)
	libfreetype.so.6 => /lib64/libfreetype.so.6 (0x00007fd4548d2000)
	libthai.so.0 => /lib64/libthai.so.0 (0x00007fd4548c5000)
	libgraphite2.so.3 => /lib64/libgraphite2.so.3 (0x00007fd4548a4000)
	libpixman-1.so.0 => /lib64/libpixman-1.so.0 (0x00007fd4547f7000)
	libpng16.so.16 => /lib64/libpng16.so.16 (0x00007fd4547bd000)
	libxcb-shm.so.0 => /lib64/libxcb-shm.so.0 (0x00007fd4547b8000)
	libxcb.so.1 => /lib64/libxcb.so.1 (0x00007fd45478b000)
	libxcb-render.so.0 => /lib64/libxcb-render.so.0 (0x00007fd45477b000)
	libXrender.so.1 => /lib64/libXrender.so.1 (0x00007fd45476e000)
	libgthread-2.0.so.0 => /lib64/libgthread-2.0.so.0 (0x00007fd454769000)
	libvorbisfile.so.3 => /lib64/libvorbisfile.so.3 (0x00007fd45475e000)
	libtdb.so.1 => /lib64/libtdb.so.1 (0x00007fd454743000)
	libltdl.so.7 => /lib64/libltdl.so.7 (0x00007fd454737000)
	libdl.so.2 => /lib64/libdl.so.2 (0x00007fd454730000)
	libgcc_s.so.1 => /lib64/libgcc_s.so.1 (0x00007fd454715000)
	/lib64/ld-linux-x86-64.so.2 (0x00007fd456189000)
	libblkid.so.1 => /lib64/libblkid.so.1 (0x00007fd4546e0000)
	libpcre2-8.so.0 => /lib64/libpcre2-8.so.0 (0x00007fd454647000)
	libdbus-1.so.3 => /lib64/libdbus-1.so.3 (0x00007fd4545f6000)
	libatspi.so.0 => /lib64/libatspi.so.0 (0x00007fd4545bf000)
	libxml2.so.2 => /lib64/libxml2.so.2 (0x00007fd454434000)
	libbz2.so.1 => /lib64/libbz2.so.1 (0x00007fd454421000)
	libbrotlidec.so.1 => /lib64/libbrotlidec.so.1 (0x00007fd454411000)
	libdatrie.so.1 => /lib64/libdatrie.so.1 (0x00007fd454408000)
	libXau.so.6 => /lib64/libXau.so.6 (0x00007fd454402000)
	libvorbis.so.0 => /lib64/libvorbis.so.0 (0x00007fd4543d3000)
	libogg.so.0 => /lib64/libogg.so.0 (0x00007fd4543c8000)
	libsystemd.so.0 => /lib64/libsystemd.so.0 (0x00007fd454305000)
	liblzma.so.5 => /lib64/liblzma.so.5 (0x00007fd4542d9000)
	libbrotlicommon.so.1 => /lib64/libbrotlicommon.so.1 (0x00007fd4542b6000)
	libzstd.so.1 => /lib64/libzstd.so.1 (0x00007fd454201000)
	liblz4.so.1 => /lib64/liblz4.so.1 (0x00007fd4541e3000)
	libcap.so.2 => /lib64/libcap.so.2 (0x00007fd4541d7000)
	libgcrypt.so.20 => /lib64/libgcrypt.so.20 (0x00007fd4540b2000)
	libgpg-error.so.0 => /lib64/libgpg-error.so.0 (0x00007fd45408d000)
x'
+++ LD_TRACE_LOADED_OBJECTS=1
+++ LD_WARN=
+++ LD_BIND_NOW=
+++ LD_LIBRARY_VERSION=
+++ LD_VERBOSE=
+++ /lib64/ld-linux-x86-64.so.2 /builds/GNOME/gnome-bluetooth/_build/tmp-introspectn1ft4pt8/GnomeBluetooth-1.0
	linux-vdso.so.1 (0x00007ffc0bfb8000)
	libgnome-bluetooth.so.13 => /builds/GNOME/gnome-bluetooth/_build/lib/libgnome-bluetooth.so.13 (0x00007fd456144000)
	libgio-2.0.so.0 => /lib64/libgio-2.0.so.0 (0x00007fd455f6f000)
	libgobject-2.0.so.0 => /lib64/libgobject-2.0.so.0 (0x00007fd455f15000)
	libglib-2.0.so.0 => /lib64/libglib-2.0.so.0 (0x00007fd455de3000)
	libgtk-3.so.0 => /lib64/libgtk-3.so.0 (0x00007fd45562e000)
	libgdk-3.so.0 => /lib64/libgdk-3.so.0 (0x00007fd45552a000)
	libpangocairo-1.0.so.0 => /lib64/libpangocairo-1.0.so.0 (0x00007fd455516000)
	libpango-1.0.so.0 => /lib64/libpango-1.0.so.0 (0x00007fd4554c4000)
	libharfbuzz.so.0 => /lib64/libharfbuzz.so.0 (0x00007fd4553f6000)
	libatk-1.0.so.0 => /lib64/libatk-1.0.so.0 (0x00007fd4553cd000)
	libcairo-gobject.so.2 => /lib64/libcairo-gobject.so.2 (0x00007fd4553c1000)
	libcairo.so.2 => /lib64/libcairo.so.2 (0x00007fd4552a6000)
	libgdk_pixbuf-2.0.so.0 => /lib64/libgdk_pixbuf-2.0.so.0 (0x00007fd455279000)
	libcanberra-gtk3.so.0 => /lib64/libcanberra-gtk3.so.0 (0x00007fd455272000)
	libX11.so.6 => /lib64/libX11.so.6 (0x00007fd45512b000)
	libcanberra.so.0 => /lib64/libcanberra.so.0 (0x00007fd455118000)
	libnotify.so.4 => /lib64/libnotify.so.4 (0x00007fd45510d000)
	libudev.so.1 => /lib64/libudev.so.1 (0x00007fd4550e1000)
	libm.so.6 => /lib64/libm.so.6 (0x00007fd454f9a000)
	libgirepository-1.0.so.1 => /lib64/libgirepository-1.0.so.1 (0x00007fd454f76000)
	libgmodule-2.0.so.0 => /lib64/libgmodule-2.0.so.0 (0x00007fd454f70000)
	libpthread.so.0 => /lib64/libpthread.so.0 (0x00007fd454f4f000)
	libc.so.6 => /lib64/libc.so.6 (0x00007fd454d7f000)
	libz.so.1 => /lib64/libz.so.1 (0x00007fd454d65000)
	libmount.so.1 => /lib64/libmount.so.1 (0x00007fd454d20000)
	libselinux.so.1 => /lib64/libselinux.so.1 (0x00007fd454cf4000)
	libresolv.so.2 => /lib64/libresolv.so.2 (0x00007fd454cda000)
	libffi.so.6 => /lib64/libffi.so.6 (0x00007fd454ccf000)
	libpcre.so.1 => /lib64/libpcre.so.1 (0x00007fd454c56000)
	libXinerama.so.1 => /lib64/libXinerama.so.1 (0x00007fd454c51000)
	libXrandr.so.2 => /lib64/libXrandr.so.2 (0x00007fd454c42000)
	libXcursor.so.1 => /lib64/libXcursor.so.1 (0x00007fd454c35000)
	libXext.so.6 => /lib64/libXext.so.6 (0x00007fd454c20000)
	librt.so.1 => /lib64/librt.so.1 (0x00007fd454c15000)
	libXi.so.6 => /lib64/libXi.so.6 (0x00007fd454c03000)
	libXcomposite.so.1 => /lib64/libXcomposite.so.1 (0x00007fd454bfe000)
	libXdamage.so.1 => /lib64/libXdamage.so.1 (0x00007fd454bf7000)
	libXfixes.so.3 => /lib64/libXfixes.so.3 (0x00007fd454bee000)
	libatk-bridge-2.0.so.0 => /lib64/libatk-bridge-2.0.so.0 (0x00007fd454bb7000)
	libxkbcommon.so.0 => /lib64/libxkbcommon.so.0 (0x00007fd454b72000)
	libwayland-cursor.so.0 => /lib64/libwayland-cursor.so.0 (0x00007fd454b68000)
	libwayland-egl.so.1 => /lib64/libwayland-egl.so.1 (0x00007fd454b63000)
	libwayland-client.so.0 => /lib64/libwayland-client.so.0 (0x00007fd454b51000)
	libepoxy.so.0 => /lib64/libepoxy.so.0 (0x00007fd454a1c000)
	libfribidi.so.0 => /lib64/libfribidi.so.0 (0x00007fd4549fe000)
	libpangoft2-1.0.so.0 => /lib64/libpangoft2-1.0.so.0 (0x00007fd4549e4000)
	libfontconfig.so.1 => /lib64/libfontconfig.so.1 (0x00007fd454995000)
	libfreetype.so.6 => /lib64/libfreetype.so.6 (0x00007fd4548d2000)
	libthai.so.0 => /lib64/libthai.so.0 (0x00007fd4548c5000)
	libgraphite2.so.3 => /lib64/libgraphite2.so.3 (0x00007fd4548a4000)
	libpixman-1.so.0 => /lib64/libpixman-1.so.0 (0x00007fd4547f7000)
	libpng16.so.16 => /lib64/libpng16.so.16 (0x00007fd4547bd000)
	libxcb-shm.so.0 => /lib64/libxcb-shm.so.0 (0x00007fd4547b8000)
	libxcb.so.1 => /lib64/libxcb.so.1 (0x00007fd45478b000)
	libxcb-render.so.0 => /lib64/libxcb-render.so.0 (0x00007fd45477b000)
	libXrender.so.1 => /lib64/libXrender.so.1 (0x00007fd45476e000)
	libgthread-2.0.so.0 => /lib64/libgthread-2.0.so.0 (0x00007fd454769000)
	libvorbisfile.so.3 => /lib64/libvorbisfile.so.3 (0x00007fd45475e000)
	libtdb.so.1 => /lib64/libtdb.so.1 (0x00007fd454743000)
	libltdl.so.7 => /lib64/libltdl.so.7 (0x00007fd454737000)
	libdl.so.2 => /lib64/libdl.so.2 (0x00007fd454730000)
	libgcc_s.so.1 => /lib64/libgcc_s.so.1 (0x00007fd454715000)
	/lib64/ld-linux-x86-64.so.2 (0x00007fd456189000)
	libblkid.so.1 => /lib64/libblkid.so.1 (0x00007fd4546e0000)
	libpcre2-8.so.0 => /lib64/libpcre2-8.so.0 (0x00007fd454647000)
	libdbus-1.so.3 => /lib64/libdbus-1.so.3 (0x00007fd4545f6000)
	libatspi.so.0 => /lib64/libatspi.so.0 (0x00007fd4545bf000)
	libxml2.so.2 => /lib64/libxml2.so.2 (0x00007fd454434000)
	libbz2.so.1 => /lib64/libbz2.so.1 (0x00007fd454421000)
	libbrotlidec.so.1 => /lib64/libbrotlidec.so.1 (0x00007fd454411000)
	libdatrie.so.1 => /lib64/libdatrie.so.1 (0x00007fd454408000)
	libXau.so.6 => /lib64/libXau.so.6 (0x00007fd454402000)
	libvorbis.so.0 => /lib64/libvorbis.so.0 (0x00007fd4543d3000)
	libogg.so.0 => /lib64/libogg.so.0 (0x00007fd4543c8000)
	libsystemd.so.0 => /lib64/libsystemd.so.0 (0x00007fd454305000)
	liblzma.so.5 => /lib64/liblzma.so.5 (0x00007fd4542d9000)
	libbrotlicommon.so.1 => /lib64/libbrotlicommon.so.1 (0x00007fd4542b6000)
	libzstd.so.1 => /lib64/libzstd.so.1 (0x00007fd454201000)
	liblz4.so.1 => /lib64/liblz4.so.1 (0x00007fd4541e3000)
	libcap.so.2 => /lib64/libcap.so.2 (0x00007fd4541d7000)
	libgcrypt.so.20 => /lib64/libgcrypt.so.20 (0x00007fd4540b2000)
	libgpg-error.so.0 => /lib64/libgpg-error.so.0 (0x00007fd45408d000)
+ rc=0
+ printf %s '+++ LD_TRACE_LOADED_OBJECTS=1
+++ LD_WARN=
+++ LD_BIND_NOW=
+++ LD_LIBRARY_VERSION=
+++ LD_VERBOSE=
+++ /lib64/ld-linux-x86-64.so.2 /builds/GNOME/gnome-bluetooth/_build/tmp-introspectn1ft4pt8/GnomeBluetooth-1.0
	linux-vdso.so.1 (0x00007ffc0bfb8000)
	libgnome-bluetooth.so.13 => /builds/GNOME/gnome-bluetooth/_build/lib/libgnome-bluetooth.so.13 (0x00007fd456144000)
	libgio-2.0.so.0 => /lib64/libgio-2.0.so.0 (0x00007fd455f6f000)
	libgobject-2.0.so.0 => /lib64/libgobject-2.0.so.0 (0x00007fd455f15000)
	libglib-2.0.so.0 => /lib64/libglib-2.0.so.0 (0x00007fd455de3000)
	libgtk-3.so.0 => /lib64/libgtk-3.so.0 (0x00007fd45562e000)
	libgdk-3.so.0 => /lib64/libgdk-3.so.0 (0x00007fd45552a000)
	libpangocairo-1.0.so.0 => /lib64/libpangocairo-1.0.so.0 (0x00007fd455516000)
	libpango-1.0.so.0 => /lib64/libpango-1.0.so.0 (0x00007fd4554c4000)
	libharfbuzz.so.0 => /lib64/libharfbuzz.so.0 (0x00007fd4553f6000)
	libatk-1.0.so.0 => /lib64/libatk-1.0.so.0 (0x00007fd4553cd000)
	libcairo-gobject.so.2 => /lib64/libcairo-gobject.so.2 (0x00007fd4553c1000)
	libcairo.so.2 => /lib64/libcairo.so.2 (0x00007fd4552a6000)
	libgdk_pixbuf-2.0.so.0 => /lib64/libgdk_pixbuf-2.0.so.0 (0x00007fd455279000)
	libcanberra-gtk3.so.0 => /lib64/libcanberra-gtk3.so.0 (0x00007fd455272000)
	libX11.so.6 => /lib64/libX11.so.6 (0x00007fd45512b000)
	libcanberra.so.0 => /lib64/libcanberra.so.0 (0x00007fd455118000)
	libnotify.so.4 => /lib64/libnotify.so.4 (0x00007fd45510d000)
	libudev.so.1 => /lib64/libudev.so.1 (0x00007fd4550e1000)
	libm.so.6 => /lib64/libm.so.6 (0x00007fd454f9a000)
	libgirepository-1.0.so.1 => /lib64/libgirepository-1.0.so.1 (0x00007fd454f76000)
	libgmodule-2.0.so.0 => /lib64/libgmodule-2.0.so.0 (0x00007fd454f70000)
	libpthread.so.0 => /lib64/libpthread.so.0 (0x00007fd454f4f000)
	libc.so.6 => /lib64/libc.so.6 (0x00007fd454d7f000)
	libz.so.1 => /lib64/libz.so.1 (0x00007fd454d65000)
	libmount.so.1 => /lib64/libmount.so.1 (0x00007fd454d20000)
	libselinux.so.1 => /lib64/libselinux.so.1 (0x00007fd454cf4000)
	libresolv.so.2 => /lib64/libresolv.so.2 (0x00007fd454cda000)
	libffi.so.6 => /lib64/libffi.so.6 (0x00007fd454ccf000)
	libpcre.so.1 => /lib64/libpcre.so.1 (0x00007fd454c56000)
	libXinerama.so.1 => /lib64/libXinerama.so.1 (0x00007fd454c51000)
	libXrandr.so.2 => /lib64/libXrandr.so.2 (0x00007fd454c42000)
	libXcursor.so.1 => /lib64/libXcursor.so.1 (0x00007fd454c35000)
	libXext.so.6 => /lib64/libXext.so.6 (0x00007fd454c20000)
	librt.so.1 => /lib64/librt.so.1 (0x00007fd454c15000)
	libXi.so.6 => /lib64/libXi.so.6 (0x00007fd454c03000)
	libXcomposite.so.1 => /lib64/libXcomposite.so.1 (0x00007fd454bfe000)
	libXdamage.so.1 => /lib64/libXdamage.so.1 (0x00007fd454bf7000)
	libXfixes.so.3 => /lib64/libXfixes.so.3 (0x00007fd454bee000)
	libatk-bridge-2.0.so.0 => /lib64/libatk-bridge-2.0.so.0 (0x00007fd454bb7000)
	libxkbcommon.so.0 => /lib64/libxkbcommon.so.0 (0x00007fd454b72000)
	libwayland-cursor.so.0 => /lib64/libwayland-cursor.so.0 (0x00007fd454b68000)
	libwayland-egl.so.1 => /lib64/libwayland-egl.so.1 (0x00007fd454b63000)
	libwayland-client.so.0 => /lib64/libwayland-client.so.0 (0x00007fd454b51000)
	libepoxy.so.0 => /lib64/libepoxy.so.0 (0x00007fd454a1c000)
	libfribidi.so.0 => /lib64/libfribidi.so.0 (0x00007fd4549fe000)
	libpangoft2-1.0.so.0 => /lib64/libpangoft2-1.0.so.0 (0x00007fd4549e4000)
	libfontconfig.so.1 => /lib64/libfontconfig.so.1 (0x00007fd454995000)
	libfreetype.so.6 => /lib64/libfreetype.so.6 (0x00007fd4548d2000)
	libthai.so.0 => /lib64/libthai.so.0 (0x00007fd4548c5000)
	libgraphite2.so.3 => /lib64/libgraphite2.so.3 (0x00007fd4548a4000)
	libpixman-1.so.0 => /lib64/libpixman-1.so.0 (0x00007fd4547f7000)
	libpng16.so.16 => /lib64/libpng16.so.16 (0x00007fd4547bd000)
	libxcb-shm.so.0 => /lib64/libxcb-shm.so.0 (0x00007fd4547b8000)
	libxcb.so.1 => /lib64/libxcb.so.1 (0x00007fd45478b000)
	libxcb-render.so.0 => /lib64/libxcb-render.so.0 (0x00007fd45477b000)
	libXrender.so.1 => /lib64/libXrender.so.1 (0x00007fd45476e000)
	libgthread-2.0.so.0 => /lib64/libgthread-2.0.so.0 (0x00007fd454769000)
	libvorbisfile.so.3 => /lib64/libvorbisfile.so.3 (0x00007fd45475e000)
	libtdb.so.1 => /lib64/libtdb.so.1 (0x00007fd454743000)
	libltdl.so.7 => /lib64/libltdl.so.7 (0x00007fd454737000)
	libdl.so.2 => /lib64/libdl.so.2 (0x00007fd454730000)
	libgcc_s.so.1 => /lib64/libgcc_s.so.1 (0x00007fd454715000)
	/lib64/ld-linux-x86-64.so.2 (0x00007fd456189000)
	libblkid.so.1 => /lib64/libblkid.so.1 (0x00007fd4546e0000)
	libpcre2-8.so.0 => /lib64/libpcre2-8.so.0 (0x00007fd454647000)
	libdbus-1.so.3 => /lib64/libdbus-1.so.3 (0x00007fd4545f6000)
	libatspi.so.0 => /lib64/libatspi.so.0 (0x00007fd4545bf000)
	libxml2.so.2 => /lib64/libxml2.so.2 (0x00007fd454434000)
	libbz2.so.1 => /lib64/libbz2.so.1 (0x00007fd454421000)
	libbrotlidec.so.1 => /lib64/libbrotlidec.so.1 (0x00007fd454411000)
	libdatrie.so.1 => /lib64/libdatrie.so.1 (0x00007fd454408000)
	libXau.so.6 => /lib64/libXau.so.6 (0x00007fd454402000)
	libvorbis.so.0 => /lib64/libvorbis.so.0 (0x00007fd4543d3000)
	libogg.so.0 => /lib64/libogg.so.0 (0x00007fd4543c8000)
	libsystemd.so.0 => /lib64/libsystemd.so.0 (0x00007fd454305000)
	liblzma.so.5 => /lib64/liblzma.so.5 (0x00007fd4542d9000)
	libbrotlicommon.so.1 => /lib64/libbrotlicommon.so.1 (0x00007fd4542b6000)
	libzstd.so.1 => /lib64/libzstd.so.1 (0x00007fd454201000)
	liblz4.so.1 => /lib64/liblz4.so.1 (0x00007fd4541e3000)
	libcap.so.2 => /lib64/libcap.so.2 (0x00007fd4541d7000)
	libgcrypt.so.20 => /lib64/libgcrypt.so.20 (0x00007fd4540b2000)
	libgpg-error.so.0 => /lib64/libgpg-error.so.0 (0x00007fd45408d000)
'
+ return 0
+ exit 0

Whether or not bash is broken in this case (and there are loads of cases where testing
for readability is always going to be incomplete), ldd should just run the commands it
needs to, and those commands should error when they actually try to "open()".

Comment 1 Carlos O'Donell 2020-12-10 20:56:32 UTC
(In reply to Bastien Nocera from comment #0)
> Whether or not bash is broken in this case (and there are loads of cases
> where testing for readability is always going to be incomplete), ldd should just run the
> commands it needs to, and those commands should error when they actually try to "open()".

Bash's test -r must be expected to operate reliably if we are going to rely on Bash to interpret shell scripts used by the build infrastructure.

Does the additional stat (test -r) in the wrapper script affect your use cases in any other way?

The wrapper script uses test -r to customize an error message for the user, and that is important for users.

The alternative is to move this logic into the loader, but since it operates as ldd less frequently than a normal loader I think this would not be a net benefit.

Comment 2 Carlos O'Donell 2020-12-10 21:06:22 UTC
Please note that this may be a duplicate of this bug:
https://bugzilla.redhat.com/show_bug.cgi?id=1900021

Comment 3 Bastien Nocera 2020-12-10 21:28:40 UTC
(In reply to Carlos O'Donell from comment #1)
> (In reply to Bastien Nocera from comment #0)
> > Whether or not bash is broken in this case (and there are loads of cases
> > where testing for readability is always going to be incomplete), ldd should just run the
> > commands it needs to, and those commands should error when they actually try to "open()".
> 
> Bash's test -r must be expected to operate reliably if we are going to rely
> on Bash to interpret shell scripts used by the build infrastructure.
> 
> Does the additional stat (test -r) in the wrapper script affect your use
> cases in any other way?
> 
> The wrapper script uses test -r to customize an error message for the user,
> and that is important for users.
> 
> The alternative is to move this logic into the loader, but since it operates
> as ldd less frequently than a normal loader I think this would not be a net
> benefit.

I haven't looked at the loader's code, but couldn't the loader's code be captured
and errors from the loader parsed in the ldd script, rather than relying on a
test that doesn't actually represent whether or not the file can be opened?

I'd be happy looking at whether or not that's possible if you think it's the
right way forward.

Comment 4 Carlos O'Donell 2020-12-11 01:35:54 UTC
(In reply to Bastien Nocera from comment #3)
> (In reply to Carlos O'Donell from comment #1)
> > (In reply to Bastien Nocera from comment #0)
> > > Whether or not bash is broken in this case (and there are loads of cases
> > > where testing for readability is always going to be incomplete), ldd should just run the
> > > commands it needs to, and those commands should error when they actually try to "open()".
> > 
> > Bash's test -r must be expected to operate reliably if we are going to rely
> > on Bash to interpret shell scripts used by the build infrastructure.
> > 
> > Does the additional stat (test -r) in the wrapper script affect your use
> > cases in any other way?
> > 
> > The wrapper script uses test -r to customize an error message for the user,
> > and that is important for users.
> > 
> > The alternative is to move this logic into the loader, but since it operates
> > as ldd less frequently than a normal loader I think this would not be a net
> > benefit.
> 
> I haven't looked at the loader's code, but couldn't the loader's code be
> captured
> and errors from the loader parsed in the ldd script, rather than relying on a
> test that doesn't actually represent whether or not the file can be opened?

What you describe is exactly what ldd does today, except that in some cases we avoid running the loader and use 'test -r' in the script i.e. stat.

The 'test -r' checks that (a) the file exists and (b) the file has read permissions.

Existence and ability to read are exactly what the open-family of functions will need if the loader is going to open the file.

We don't need to change ldd at all.
 
> I'd be happy looking at whether or not that's possible if you think it's the
> right way forward.

It is not the right way forward.

The right way forward is to determine why 'test -r' fails on a file that is present and readable.

Again this might be related to faccessat2 denial by seccomp.

Which CI containers, and which container runtime are you using?

Comment 5 Carlos O'Donell 2020-12-11 02:29:14 UTC
Could you also please upgrade to glibc-2.32.9000-20.fc34.x86_64 and see if that makes a difference?

The -19 release has an issue with supplemental groups not working correctly and this has been corrected in -20.

Comment 6 Bastien Nocera 2020-12-11 10:09:03 UTC
(In reply to Carlos O'Donell from comment #5)
> Could you also please upgrade to glibc-2.32.9000-20.fc34.x86_64 and see if
> that makes a difference?
> 
> The -19 release has an issue with supplemental groups not working correctly
> and this has been corrected in -20.

It's already the version that was used. Had to download and install it by hand
because it hadn't made its way to the repos yet.

(In reply to Carlos O'Donell from comment #4)
> (In reply to Bastien Nocera from comment #3)
> > (In reply to Carlos O'Donell from comment #1)
> > > (In reply to Bastien Nocera from comment #0)
> > > > Whether or not bash is broken in this case (and there are loads of cases
> > > > where testing for readability is always going to be incomplete), ldd should just run the
> > > > commands it needs to, and those commands should error when they actually try to "open()".
> > > 
> > > Bash's test -r must be expected to operate reliably if we are going to rely
> > > on Bash to interpret shell scripts used by the build infrastructure.
> > > 
> > > Does the additional stat (test -r) in the wrapper script affect your use
> > > cases in any other way?
> > > 
> > > The wrapper script uses test -r to customize an error message for the user,
> > > and that is important for users.
> > > 
> > > The alternative is to move this logic into the loader, but since it operates
> > > as ldd less frequently than a normal loader I think this would not be a net
> > > benefit.
> > 
> > I haven't looked at the loader's code, but couldn't the loader's code be
> > captured
> > and errors from the loader parsed in the ldd script, rather than relying on a
> > test that doesn't actually represent whether or not the file can be opened?
> 
> What you describe is exactly what ldd does today, except that in some cases
> we avoid running the loader and use 'test -r' in the script i.e. stat.
> 
> The 'test -r' checks that (a) the file exists and (b) the file has read
> permissions.
> 
> Existence and ability to read are exactly what the open-family of functions
> will need if the loader is going to open the file.

And as we've seen, the test can fail while open() works because they use two
different codepaths. This would stand if the same codepath was used in both
cases.

> We don't need to change ldd at all.
>  
> > I'd be happy looking at whether or not that's possible if you think it's the
> > right way forward.
> 
> It is not the right way forward.
> 
> The right way forward is to determine why 'test -r' fails on a file that is
> present and readable.
> 
> Again this might be related to faccessat2 denial by seccomp.

That's very likely. It's still the wrong way to check for file accessibility.
It's at best, a hint, which ldd is taking at face value.

> Which CI containers, and which container runtime are you using?

I don't know the CI containers used, as I don't maintain the CI infrastructure
for my project.

In the meanwhile, this is the work-around that I implemented because I still
don't think we should be relying on "test" to know if a file can be opened:
https://gitlab.gnome.org/GNOME/gnome-bluetooth/-/merge_requests/34/diffs

Comment 7 Bastien Nocera 2020-12-11 12:37:49 UTC
Created attachment 1738437
0001-ldd-Don-t-use-test-to-check-for-file-accessibility.patch

Just as a proof of concept. You should be able to apply it to a copy of /bin/ldd if you want to test it.

It captures permission denied ("test -r" equivalent), and ignores "test -x", because the loader will happily accept loading libraries which aren't executable.

Mildly tested.

Comment 8 Stephen Gallagher 2020-12-11 14:24:39 UTC
FWIW, I think you are both correct here:

Carlos: You are absolutely right that `test -r` incorrectly detecting readability is a serious bug and needs to be addressed.

Bastien: What you are suggesting is *also* correct: using `test -r` prior to calling `open()` is unnecessary at best (and a security issue at worst[1]). The result of an attempt to `open()` a file is the only check that truly matters. (And if there are other `stat()` attributes that need to be validated, that should be happening through `fstat()` on the file descriptor after it has been opened.)


I've temporarily instituted the same workaround[2] in my libmodulemd CI that Bastien is running in gnome-bluetooth and my tests are running again.


[1] https://en.wikipedia.org/wiki/Time-of-check_to_time-of-use
[2] https://gitlab.gnome.org/GNOME/gnome-bluetooth/-/merge_requests/34/diffs
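The two orderings discussed in comments 6 and 8, as an added example that is not part of the thread or of the attached patch: a pre-check with `access()` followed by `open()`, next to `open()` followed by `fstat()` on the descriptor. The function names and the choice of `-EINVAL` for non-regular, non-directory files are assumptions made for this sketch.

```c
#define _POSIX_C_SOURCE 200809L
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* Check-then-use: the verdict comes from access(2), not from open(2), so a
 * sandbox that rejects the access-family syscall hides a readable file. */
int open_after_access_check(const char *path)
{
    if (access(path, R_OK) != 0)
        return -errno;
    int fd = open(path, O_RDONLY | O_CLOEXEC);
    return fd >= 0 ? fd : -errno;
}

/* Use-then-check: open first, then inspect the object behind the fd.
 * Returns a descriptor (>= 0) or a negative errno value. */
int open_regular_file(const char *path)
{
    /* O_NONBLOCK keeps open() from hanging if the path is a FIFO. */
    int fd = open(path, O_RDONLY | O_CLOEXEC | O_NONBLOCK);
    if (fd < 0)
        return -errno;              /* ENOENT, EACCES, ... from open() itself */
    struct stat st;
    if (fstat(fd, &st) != 0) {
        int saved = errno;
        close(fd);
        return -saved;
    }
    if (!S_ISREG(st.st_mode)) {     /* describes the inode that was opened */
        close(fd);
        return S_ISDIR(st.st_mode) ? -EISDIR : -EINVAL;
    }
    return fd;
}

int main(int argc, char **argv)
{
    int fd = argc == 2 ? open_regular_file(argv[1]) : -EINVAL;
    if (fd < 0) {
        fprintf(stderr, "open: %s\n", strerror(-fd));
        return EXIT_FAILURE;
    }
    close(fd);
    return EXIT_SUCCESS;
}
```

In the second form the error reported to the user is the one `open()` produced, and the file-type check applies to the descriptor already held rather than to a path that may be re-resolved.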

Comment 9 Carlos O'Donell 2020-12-14 03:18:57 UTC
(In reply to Stephen Gallagher from comment #8)
> Bastien: What you are suggesting is *also* correct: using `test -r` prior to
> calling `open()` is unnecessary at best (and a security issue at worst[1]).
> The result of an attempt to `open()` a file is the only check that truly
> matters. (And if there are other `stat()` attributes that need to be
> validated, that should be happening through `fstat()` on the file descriptor
> after it has been opened.)

All the things you say are true and they are not relevant for the loader.

TOCTTOU is not relevant here because you have a collection of library files
(minimally 3: loader, libc, argument) that need to be checked and you can't
atomically coordinate that kind of access. Security is enforced at the
filesystem level with access controls. If files are updated during ldd's
operation then ldd will return inconsistent results (and this is the best
we can do today... unless we adopt rpm-ostree in Fedora).

The only relevant aspect is a useful error message (which Bastien's patch does
address, thank you). However, the change is not technically required, it's
simply a "different" way of writing ldd. That "different" way appears to work
around this oddity, but it's not required and not particularly cleaner than
the existing shell code. If someone did some performance benchmarks and showed
it was faster, then I might be convinced the clean is good and useful.

> I've temporarily instituted the same workaround[2] in my libmodulemd CI that
> Bastien is running in gnome-bluetooth and my tests are running again.

We still don't have a root cause for this report.

Would either of you be able to run strace -ttt -ff and understand what is failing?

I would like to confirm that this is just faccessat2 failing again, and mark this closed/duplicate.

Comment 10 Bastien Nocera 2020-12-15 09:42:50 UTC
(In reply to Carlos O'Donell from comment #9)
> (In reply to Stephen Gallagher from comment #8)
> > Bastien: What you are suggesting is *also* correct: using `test -r` prior to
> > calling `open()` is unnecessary at best (and a security issue at worst[1]).
> > The result of an attempt to `open()` a file is the only check that truly
> > matters. (And if there are other `stat()` attributes that need to be
> > validated, that should be happening through `fstat()` on the file descriptor
> > after it has been opened.)
> 
> All the things you say are true and they are not relevant for the loader.
> 
> TOCTTOU is not relevant here because you have a collection of library files
> (minimally 3: loader, libc, argument) that need to be checked and you can't
> atomically coordinate that kind of access. Security is enforced at the
> filesystem level with access controls. If files are updated during ldd's
> operation then ldd will return inconsistent results (and this is the best
> we can do today... unless we adopt rpm-ostree in Fedora).
> 
> The only relevant aspect is a useful error message (which Bastien's patch
> does
> address, thank you). However, the change is not technically required, it's
> simply a "different" way of writing ldd. That "different" way appears to work
> around this oddity, but it's not required and not particularly cleaner than
> the existing shell code. If someone did some performance benchmarks and
> showed
> it was faster, then I might be convinced the clean is good and useful.

I'm not sure why I would put in any more effort, seeing as it clearly bothers
you to consider that this might be the right way to go. I already wrote this
patch even though you didn't think it was necessary, and showed that ahead
of time testing wasn't actually necessary to get decent error messages.

> > I've temporarily instituted the same workaround[2] in my libmodulemd CI that
> > Bastien is running in gnome-bluetooth and my tests are running again.
> 
> We still don't have a root cause for this report.
> 
> Would either of you be able to run strace -ttt -ff and understand what is
> failing?
> 
> I would like to confirm that this is just faccessat2 failing again, and
> mark this closed/duplicate.

The problem is solved when faccessat2 is added to the list of allowed syscalls,
which is really complicated at present, as explained here:
https://bugzilla.redhat.com/show_bug.cgi?id=1900021#c26

GNOME would never have hit the problem if ldd was coded without unneeded tests.

Comment 11 Carlos O'Donell 2020-12-15 14:28:12 UTC
(In reply to Bastien Nocera from comment #10)
> The problem is solved when faccessat2 is added to the list of allowed
> syscalls,
> which is really complicated at present, as explained here:
> https://bugzilla.redhat.com/show_bug.cgi?id=1900021#c26

Thanks for confirming that this is a duplicate of bug 1900021.

Thanks for filing the bug, I do appreciate that, even if we have technical disagreement about solutions.

I'm marking this as a duplicate of the other bug.

*** This bug has been marked as a duplicate of bug 1900021 ***
