RHEL Engineering is moving the tracking of its product development work on RHEL 6 through RHEL 9 to Red Hat Jira (issues.redhat.com). If you're a Red Hat customer, please continue to file support cases via the Red Hat customer portal. If you're not, please head to the "RHEL project" in Red Hat Jira and file new tickets here. Individual Bugzilla bugs in the statuses "NEW", "ASSIGNED", and "POST" are being migrated throughout September 2023. Bugs of Red Hat partners with an assigned Engineering Partner Manager (EPM) are migrated in late September as per pre-agreed dates. Bugs against components "kernel", "kernel-rt", and "kpatch" are only migrated if still in "NEW" or "ASSIGNED". If you cannot log in to RH Jira, please consult article #7032570. That failing, please send an e-mail to the RH Jira admins at rh-issues@redhat.com to troubleshoot your issue as a user management inquiry. The email creates a ServiceNow ticket with Red Hat. Individual Bugzilla bugs that are migrated will be moved to status "CLOSED", resolution "MIGRATED", and set with "MigratedToJIRA" in "Keywords". The link to the successor Jira issue will be found under "Links", have a little "two-footprint" icon next to it, and direct you to the "RHEL project" in Red Hat Jira (issue links are of type "https://issues.redhat.com/browse/RHEL-XXXX", where "X" is a digit). This same link will be available in a blue banner at the top of the page informing you that that bug has been migrated.
Bug 2026296 - rpminspect report invalid-looking DT_RPATH for binutils binaries
Summary: rpminspect report invalid-looking DT_RPATH for binutils binaries
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Red Hat Enterprise Linux 9
Classification: Red Hat
Component: binutils
Version: 9.0
Hardware: Unspecified
OS: Unspecified
unspecified
unspecified
Target Milestone: rc
: ---
Assignee: Nick Clifton
QA Contact: Miloš Prchlík
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2021-11-24 10:14 UTC by Miloš Prchlík
Modified: 2022-05-17 16:30 UTC (History)
5 users (show)

Fixed In Version: binutils-2.35.2-13.el9
Doc Type: No Doc Update
Doc Text:
Clone Of:
Environment:
Last Closed: 2022-05-17 15:58:36 UTC
Type: Bug
Target Upstream Version:
Embargoed:
pm-rhel: mirror+

Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Red Hat Issue Tracker RHELPLAN-103818 0 None None None 2021-11-24 10:14:52 UTC
Red Hat Product Errata RHBA-2022:3985 0 None None None 2022-05-17 15:59:00 UTC

Description Miloš Prchlík 2021-11-24 10:14:16 UTC 
Description of problem:

Seems to be spread over all architectures and several binaries.


rpminspect version: 1.7-0.1.202110111942git.el9 (with data package: 1.5)
rpminspect profile: rhel-9-devel
new build: binutils-2.35.2-10.el9
old build: not found (in rhel-9.0.0-pending brew tag)

Test description:
Check for forbidden paths in both the DT_RPATH and DT_RUNPATH settings in ELF shared objects.

======================================== Test Output ========================================

runpath:
--------

1) /usr/bin/addr2line has an invalid-looking DT_RPATH on aarch64: /usr/lib64

Result: VERIFY
Waiver Authorization: Anyone

Suggested Remedy:
Either DT_RPATH or DT_RUNPATH properties were found on ELF shared objects in this package.  The use of DT_RPATH and DT_RUNPATH is discouraged except in certain situations.  Check to see that you a disabling rpath during the %build stage of the spec file.  If you are unable to do this easily, you can try using a program such as patchelf to remove these properties from the ELF files.


2) /usr/bin/ar has an invalid-looking DT_RPATH on aarch64: /usr/lib64

Result: VERIFY
Waiver Authorization: Anyone

Suggested Remedy:
Either DT_RPATH or DT_RUNPATH properties were found on ELF shared objects in this package.  The use of DT_RPATH and DT_RUNPATH is discouraged except in certain situations.  Check to see that you a disabling rpath during the %build stage of the spec file.  If you are unable to do this easily, you can try using a program such as patchelf to remove these properties from the ELF files.


3) /usr/bin/as has an invalid-looking DT_RPATH on aarch64: /usr/lib64

Result: VERIFY
Waiver Authorization: Anyone

Suggested Remedy:
Either DT_RPATH or DT_RUNPATH properties were found on ELF shared objects in this package.  The use of DT_RPATH and DT_RUNPATH is discouraged except in certain situations.  Check to see that you a disabling rpath during the %build stage of the spec file.  If you are unable to do this easily, you can try using a program such as patchelf to remove these properties from the ELF files.


4) /usr/bin/c++filt has an invalid-looking DT_RPATH on aarch64: /usr/lib64

Result: VERIFY
Waiver Authorization: Anyone

Suggested Remedy:
Either DT_RPATH or DT_RUNPATH properties were found on ELF shared objects in this package.  The use of DT_RPATH and DT_RUNPATH is discouraged except in certain situations.  Check to see that you a disabling rpath during the %build stage of the spec file.  If you are unable to do this easily, you can try using a program such as patchelf to remove these properties from the ELF files.


5) /usr/bin/gprof has an invalid-looking DT_RPATH on aarch64: /usr/lib64

Result: VERIFY
Waiver Authorization: Anyone

Suggested Remedy:
Either DT_RPATH or DT_RUNPATH properties were found on ELF shared objects in this package.  The use of DT_RPATH and DT_RUNPATH is discouraged except in certain situations.  Check to see that you a disabling rpath during the %build stage of the spec file.  If you are unable to do this easily, you can try using a program such as patchelf to remove these properties from the ELF files.


6) /usr/bin/ld.bfd has an invalid-looking DT_RPATH on aarch64: /usr/lib64

Result: VERIFY
Waiver Authorization: Anyone

Suggested Remedy:
Either DT_RPATH or DT_RUNPATH properties were found on ELF shared objects in this package.  The use of DT_RPATH and DT_RUNPATH is discouraged except in certain situations.  Check to see that you a disabling rpath during the %build stage of the spec file.  If you are unable to do this easily, you can try using a program such as patchelf to remove these properties from the ELF files.


7) /usr/bin/nm has an invalid-looking DT_RPATH on aarch64: /usr/lib64

Result: VERIFY
Waiver Authorization: Anyone

Suggested Remedy:
Either DT_RPATH or DT_RUNPATH properties were found on ELF shared objects in this package.  The use of DT_RPATH and DT_RUNPATH is discouraged except in certain situations.  Check to see that you a disabling rpath during the %build stage of the spec file.  If you are unable to do this easily, you can try using a program such as patchelf to remove these properties from the ELF files.


8) /usr/bin/objcopy has an invalid-looking DT_RPATH on aarch64: /usr/lib64

Result: VERIFY
Waiver Authorization: Anyone

Suggested Remedy:
Either DT_RPATH or DT_RUNPATH properties were found on ELF shared objects in this package.  The use of DT_RPATH and DT_RUNPATH is discouraged except in certain situations.  Check to see that you a disabling rpath during the %build stage of the spec file.  If you are unable to do this easily, you can try using a program such as patchelf to remove these properties from the ELF files.


9) /usr/bin/objdump has an invalid-looking DT_RPATH on aarch64: /usr/lib64

Result: VERIFY
Waiver Authorization: Anyone

Suggested Remedy:
Either DT_RPATH or DT_RUNPATH properties were found on ELF shared objects in this package.  The use of DT_RPATH and DT_RUNPATH is discouraged except in certain situations.  Check to see that you a disabling rpath during the %build stage of the spec file.  If you are unable to do this easily, you can try using a program such as patchelf to remove these properties from the ELF files.


10) /usr/bin/ranlib has an invalid-looking DT_RPATH on aarch64: /usr/lib64

Result: VERIFY
Waiver Authorization: Anyone

Suggested Remedy:
Either DT_RPATH or DT_RUNPATH properties were found on ELF shared objects in this package.  The use of DT_RPATH and DT_RUNPATH is discouraged except in certain situations.  Check to see that you a disabling rpath during the %build stage of the spec file.  If you are unable to do this easily, you can try using a program such as patchelf to remove these properties from the ELF files.


11) /usr/bin/readelf has an invalid-looking DT_RPATH on aarch64: /usr/lib64

Result: VERIFY
Waiver Authorization: Anyone

Suggested Remedy:
Either DT_RPATH or DT_RUNPATH properties were found on ELF shared objects in this package.  The use of DT_RPATH and DT_RUNPATH is discouraged except in certain situations.  Check to see that you a disabling rpath during the %build stage of the spec file.  If you are unable to do this easily, you can try using a program such as patchelf to remove these properties from the ELF files.


12) /usr/bin/size has an invalid-looking DT_RPATH on aarch64: /usr/lib64

Result: VERIFY
Waiver Authorization: Anyone

Suggested Remedy:
Either DT_RPATH or DT_RUNPATH properties were found on ELF shared objects in this package.  The use of DT_RPATH and DT_RUNPATH is discouraged except in certain situations.  Check to see that you a disabling rpath during the %build stage of the spec file.  If you are unable to do this easily, you can try using a program such as patchelf to remove these properties from the ELF files.


13) /usr/bin/strings has an invalid-looking DT_RPATH on aarch64: /usr/lib64

Result: VERIFY
Waiver Authorization: Anyone

Suggested Remedy:
Either DT_RPATH or DT_RUNPATH properties were found on ELF shared objects in this package.  The use of DT_RPATH and DT_RUNPATH is discouraged except in certain situations.  Check to see that you a disabling rpath during the %build stage of the spec file.  If you are unable to do this easily, you can try using a program such as patchelf to remove these properties from the ELF files.


14) /usr/bin/strip has an invalid-looking DT_RPATH on aarch64: /usr/lib64

Result: VERIFY
Waiver Authorization: Anyone

Suggested Remedy:
Either DT_RPATH or DT_RUNPATH properties were found on ELF shared objects in this package.  The use of DT_RPATH and DT_RUNPATH is discouraged except in certain situations.  Check to see that you a disabling rpath during the %build stage of the spec file.  If you are unable to do this easily, you can try using a program such as patchelf to remove these properties from the ELF files.


15) /usr/lib64/libopcodes-2.35.2-10.el9.so has an invalid-looking DT_RPATH on aarch64: /usr/lib64

Result: VERIFY
Waiver Authorization: Anyone

Suggested Remedy:
Either DT_RPATH or DT_RUNPATH properties were found on ELF shared objects in this package.  The use of DT_RPATH and DT_RUNPATH is discouraged except in certain situations.  Check to see that you a disabling rpath during the %build stage of the spec file.  If you are unable to do this easily, you can try using a program such as patchelf to remove these properties from the ELF files.


16) /usr/bin/ld.bfd has an invalid-looking DT_RPATH on ppc64le: /usr/lib64

Result: VERIFY
Waiver Authorization: Anyone

Suggested Remedy:
Either DT_RPATH or DT_RUNPATH properties were found on ELF shared objects in this package.  The use of DT_RPATH and DT_RUNPATH is discouraged except in certain situations.  Check to see that you a disabling rpath during the %build stage of the spec file.  If you are unable to do this easily, you can try using a program such as patchelf to remove these properties from the ELF files.


17) /usr/bin/ld.bfd has an invalid-looking DT_RPATH on x86_64: /usr/lib64

Result: VERIFY
Waiver Authorization: Anyone

Suggested Remedy:
Either DT_RPATH or DT_RUNPATH properties were found on ELF shared objects in this package.  The use of DT_RPATH and DT_RUNPATH is discouraged except in certain situations.  Check to see that you a disabling rpath during the %build stage of the spec file.  If you are unable to do this easily, you can try using a program such as patchelf to remove these properties from the ELF files.


18) /usr/bin/ld.bfd has an invalid-looking DT_RPATH on s390x: /usr/lib64

Result: VERIFY
Waiver Authorization: Anyone

Suggested Remedy:
Either DT_RPATH or DT_RUNPATH properties were found on ELF shared objects in this package.  The use of DT_RPATH and DT_RUNPATH is discouraged except in certain situations.  Check to see that you a disabling rpath during the %build stage of the spec file.  If you are unable to do this easily, you can try using a program such as patchelf to remove these properties from the ELF files.


Version-Release number of selected component (if applicable):

binutils-2.35.2-10.el9


How reproducible:


Steps to Reproduce:
1.
2.
3.

Actual results:


Expected results:


Additional info:
Comment 1 Nick Clifton 2021-11-24 12:39:01 UTC 
(In reply to Miloš Prchlík from comment #0)

> 1) /usr/bin/addr2line has an invalid-looking DT_RPATH on aarch64: /usr/lib64

I think that this *might* actually be a bug in rpminspect.  The path /usr/lib64
should be valid, although arguably redundant.  The code in 
/usr/lib/rpm/check-rpaths-worker however appears to only accept /usr/lib64/  ie
with a trailing forward slash:

	    case "$j" in
	        (/lib/*|/usr/lib/*|/usr/X11R6/lib/*|/usr/local/lib/*)
		    badness=0;;
	        (/lib64/*|/usr/lib64/*|/usr/X11R6/lib64/*|/usr/local/lib64/*)
		    badness=0;;

So I am going to set a needinfo from David to see if he agrees...
Comment 2 David Cantrell 2021-11-24 15:16:40 UTC 
I don't think this is a bug in rpminspect, but just a policy configuration change for the appropriate rpminspect data package.  By default there are no allowed paths specified for the runpath inspection, so if we want to allow the above in DT_RPATH or DT_RUNPATH, they have to be added to the configuration file so rpminspect knows they are permitted.  Easy enough to change.

I assume the above applies to Fedora, CentOS, and RHEL?  Because we would need to adjust the configuration file in each vendor package.
Comment 3 Nick Clifton 2021-11-25 10:24:33 UTC 
(In reply to David Cantrell from comment #2)
> I don't think this is a bug in rpminspect, but just a policy configuration
> change for the appropriate rpminspect data package. 

Ah, OK, I must have misread the rpminspect code.  I do not want to make a policy change.  At least not via this mechanism.
So I will try setting QA_RPATH in the binutils spec file instead.
Comment 4 Florian Weimer 2021-11-26 12:46:15 UTC 
Isn't the proper fix to remove /usr/lib64 from the binaries?

RUNPATH/RPATH add a tiny bit of extra startup overhead because they disable the use of /etc/ld.so.cache:

# strace -eopenat /usr/bin/ld
openat(AT_FDCWD, "/usr/lib64/glibc-hwcaps/x86-64-v3/libbfd-2.35.2-10.el9.so", O_RDONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory)
openat(AT_FDCWD, "/usr/lib64/glibc-hwcaps/x86-64-v2/libbfd-2.35.2-10.el9.so", O_RDONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory)
openat(AT_FDCWD, "/usr/lib64/tls/haswell/x86_64/libbfd-2.35.2-10.el9.so", O_RDONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory)
openat(AT_FDCWD, "/usr/lib64/tls/haswell/libbfd-2.35.2-10.el9.so", O_RDONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory)
openat(AT_FDCWD, "/usr/lib64/tls/x86_64/libbfd-2.35.2-10.el9.so", O_RDONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory)
openat(AT_FDCWD, "/usr/lib64/tls/libbfd-2.35.2-10.el9.so", O_RDONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory)
openat(AT_FDCWD, "/usr/lib64/haswell/x86_64/libbfd-2.35.2-10.el9.so", O_RDONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory)
openat(AT_FDCWD, "/usr/lib64/haswell/libbfd-2.35.2-10.el9.so", O_RDONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory)
openat(AT_FDCWD, "/usr/lib64/x86_64/libbfd-2.35.2-10.el9.so", O_RDONLY|O_CLOEXEC) = -1 ENOENT (No such file or directory)
openat(AT_FDCWD, "/usr/lib64/libbfd-2.35.2-10.el9.so", O_RDONLY|O_CLOEXEC) = 3
openat(AT_FDCWD, "/usr/lib64/libctf.so.0", O_RDONLY|O_CLOEXEC) = 3
openat(AT_FDCWD, "/usr/lib64/libc.so.6", O_RDONLY|O_CLOEXEC) = 3
openat(AT_FDCWD, "/usr/lib64/libz.so.1", O_RDONLY|O_CLOEXEC) = 3
[…]
/usr/bin/ld: no input files

glibc caches path non-existence, but if something is installed that populates these alternative paths, more failing openat calls for the other shared objects (libctf.so.0, libc.so.6, libz.so.1) would be present.
Comment 5 Nick Clifton 2021-11-26 13:12:03 UTC 
(In reply to Florian Weimer from comment #4)
> Isn't the proper fix to remove /usr/lib64 from the binaries?

Yes - but that is going to need an upstream fix.  Adding QA_RPATH to the binutils.spec file allows the build to complete now and gives me more time to investigate a proper upstream change.
Comment 6 Nick Clifton 2021-11-26 13:24:51 UTC 
Fixed (or rather worked around) in binutils-2.35.2-12.el9.
Comment 17 Miloš Prchlík 2021-12-13 13:44:01 UTC 
Verified with binutils-2.35.2-13.el9
Comment 19 errata-xmlrpc 2022-05-17 15:58:36 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory (new packages: binutils), and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2022:3985
Note You need to log in before you can comment on or make changes to this bug.