Bug 208148 - LD_LIBRARY_PATH stripped when xdm login
LD_LIBRARY_PATH stripped when xdm login
Status: CLOSED ERRATA
Product: Red Hat Enterprise Linux 4
Classification: Red Hat
Component: xinitrc (Show other bugs)
4.4
All Linux
high Severity high
: ---
: ---
Assigned To: Søren Sandmann Pedersen
Jay Turner
:
Depends On: 164869
Blocks: 217783 234251
  Show dependency treegraph
 
Reported: 2006-09-26 13:04 EDT by aaron scamehorn
Modified: 2015-01-07 19:14 EST (History)
5 users (show)

See Also:
Fixed In Version: RHBA-2007-0770
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2007-11-15 11:00:25 EST
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)
how ld_library_path is shown on a test system with the stated patch. (18.54 KB, image/png)
2006-11-28 01:46 EST, ritz
no flags Details

  None (edit)
Description aaron scamehorn 2006-09-26 13:04:18 EDT
Description of problem:

This is a dup of https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=164869.

I am entering it again now as it is in RHEL4.4

In /etc/X11/xdm/Xsession, the addition of $SSH_AGENT in the following line:
     exec -l $SHELL -c "$SSH_AGENT $DBUS_LAUNCH gnome-session"

The ssh-agent executable is has its setgid bit set; this causes glibc (?) to
remove LD_LIBRARY_PATH from the environment before launching $DBUS_LAUNCH
gnome-session.

Version-Release number of selected component (if applicable):
xinitrc-4.0.14.3-1

How reproducible:


Steps to Reproduce:
1. Login via xdm
2. Open gnome-terminal
3. echo $LD_LIBRARY_PATH
  
Actual results:
<It's Empty!>

Expected results:
Anything you have set in ~/.bash_profile or /etc/profile

Additional info:
Login via a console (ctrl-alt-F1); echo $LD_LIBRARY_PATH:  Viola,
LD_LIBRARY_PATH is set.
Comment 2 Matěj Cepl 2006-11-24 11:47:04 EST
see for more info FC bug 164869.
Comment 3 ritz 2006-11-25 10:09:19 EST
suspected patch. this may blow up your system, or cause a disaster.
can someone confirm otherwise ?


--- /etc/X11/xinit/xinitrc-common.orig 2006-11-23 14:05:58.000000000 +0530
+++ /etc/X11/xinit/xinitrc-common      2006-11-23 14:07:01.000000000 +0530
@@ -63,10 +63,19 @@
 # Prefix launch of session with ssh-agent if available and not already running.
 SSH_AGENT=
 if [ -x /usr/bin/ssh-agent -a -z "$SSH_AGENT_PID" ]; then
-    if [ "$TMPDIR" != "" ]; then
-        SSH_AGENT="/usr/bin/ssh-agent /bin/env TMPDIR=$TMPDIR"
-    else
-        SSH_AGENT="/usr/bin/ssh-agent"
+  ENV=
+  if [ "$TMPDIR" != "" ]; then
+      ENV="TMPDIR=$TMPDIR "
+  fi
+
+  if [ "$LD_LIBRARY_PATH" != "" ]; then
+      ENV="$ENV LD_LIBRARY_PATH=$LD_LIBRARY_PATH "
+  fi
+
+  if [ "$ENV" != "" ]; then
+      SSH_AGENT="/usr/bin/ssh-agent /bin/env $ENV"
+  elif
+      SSH_AGENT="/usr/bin/ssh-agent"
   fi
 fi
Comment 4 aaron scamehorn 2006-11-27 10:54:18 EST
This patch DOES NOT WORK.

At the time you are attempting to check, and save LD_LIBRARY_PATH, it has not
yet been set.

During an xdm login, /etc/profile (and $HOME/.bash_profile) do not get sourced
in until the exec command in /etc/X11/xdm/Xsession:
   exec -l $SHELL -c "$SSH_AGENT $DBUS_LAUNCH ....."

Which is long after we have attemped to save LD_LIBRARY_PATH...
Comment 5 ritz 2006-11-28 01:46:51 EST
Created attachment 142261 [details]
how ld_library_path is shown on a test system with the stated patch.

After applying the stated patch on a frshly installed system, and setting
LD_LIBRARY_PATH in the files mentioned below, a screenshot of the output

/etc/profile
/etc/profile.d/myprofile
/home/user/.bashrc
/home/user/.bash_profile

additionally, it is usually recommended to add LD_LIBRARY_PATH as mentioned
below

if ! echo "$LD_LIBRARY_PATH" | grep -q /my/path ; then
    LD_LIBRARY_PATH="$LD_LIBRARY_PATH:/my/path"
fi


and yes, i have not used the above if block for my test case. hence multiple
listing for few certain paths for LD_LIBRARY_PATH
Comment 6 ritz 2006-11-29 15:46:02 EST
dang ! 
the stated patch seems to b disabling ssh-agent on system, and thus it works !
Comment 7 ritz 2006-11-29 15:47:17 EST
additionally, rhel3 do not have setuid ssh-agent . rhel4 and above do.
Comment 8 ritz 2006-11-29 23:27:07 EST
* additionally, a hacky workaround for gnome-session. a wrapper script ?

move gnome-session to gnome-session.orig
create a shell script called gnome-session as shown below
chmod +x /usr/bin/gnome-session
this is hacky, but should work.

---------------------------------------------------------------------------

#!/bin/sh

# 
# One of the wrost possible implementation of a warpper script
#                               -- Ritesh Khadgaray
#

var=`ssh-agent -s`
var_sock=`echo $var|cut -f1 -d';'|cut -f2 -d'='`
var_pid=`echo $var|cut -f3 -d';'|cut -f2 -d'='`
export SSH_AUTH_SOCK=$var_sock
export SSH_AGENT_PID=$var_pid

gnome-session.orig $*

kill -s SIGTERM $SSH_AGENT_PID
sleep 1
kill -s SIGKILL $SSH_AGENT_PID

---------------------------------------------------------------------------
Comment 9 ritz 2006-11-29 23:46:00 EST
additionally, w.r.t. https://bugzilla.redhat.com/bugzilla/process_bug.cgi#c8

i unset SSH_AGENT from /etc/X11/xinit/Xsession , before gnome-session was init'ed.
Comment 10 ritz 2006-12-20 15:02:18 EST
For a cleaner wrapper script check up bugzilla #164869

https://bugzilla.redhat.com/bugzilla/attachment.cgi?id=144136
Comment 11 ritz 2007-01-22 16:57:20 EST
to install the proposed patch from comment#10.

A wrapper script to start desktop session and saving LD_LIBRARY_PATH .
To apply the patch

cd /
cat xinitrc_ld_library_path.patch| patch -p0
chmod a+x /etc/X11/xinit/xinitrc-ssh

log-out and login. This should resolve the issue.
Comment 12 Ray Strode [halfline] 2007-02-27 18:10:05 EST
We should probably just change ssh-agent to use its alternate syntax instead of
doing the pass through way we do now.
Comment 15 Søren Sandmann Pedersen 2007-04-30 11:43:25 EDT
Devel ack for 4.6.
Comment 17 RHEL Product and Program Management 2007-06-26 11:26:22 EDT
This request was evaluated by Red Hat Product Management for inclusion in a Red
Hat Enterprise Linux maintenance release.  Product Management has requested
further review of this request by Red Hat Engineering, for potential
inclusion in a Red Hat Enterprise Linux Update release for currently deployed
products.  This request is not yet committed for inclusion in an Update
release.
Comment 20 aaron scamehorn 2007-07-16 15:01:28 EDT
What does the below email mean???  It looks like this issue is still open!

-----Original Message-----
From: bugzilla@redhat.com [mailto:bugzilla@redhat.com] 
Sent: Wednesday, July 11, 2007 6:15 AM
To: Aaron Scamehorn
Subject: [Bug 208148] LD_LIBRARY_PATH stripped when xdm login

Please do not reply directly to this email. All additional
comments should be made in the comments box of this bug report.

Summary: LD_LIBRARY_PATH stripped when xdm login


https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=208148





------- Additional Comments From tao@redhat.com  2007-07-11 07:15 EST -------
There have been no updates to this issue in the past month. This issue will
now be closed due to inactivity. If this is in error, please reopen the
issue and check to make sure that it is current and in the proper status.
If the issue is something which is on a longer timeline than a month,
please change the status to one of the long term selections to avoid
closure due to inactivity.
This event sent from IssueTracker by AutoCloser  [Nokia-BI-ETP]
 issue 116964
Comment 21 ritz 2007-07-16 16:01:34 EDT
Hello Aaron

  This issue is not closed, but a IssueTracker marked against this bugzilla is
closed. This issue is still being worked upon.
Comment 23 Søren Sandmann Pedersen 2007-07-29 19:36:26 EDT
Fixed in xinitrc-4_0_14_3-2
Comment 30 errata-xmlrpc 2007-11-15 11:00:25 EST
An advisory has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on the solution and/or where to find the updated files,
please follow the link below. You may reopen this bug report
if the solution does not work for you.

http://rhn.redhat.com/errata/RHBA-2007-0770.html

Note You need to log in before you can comment on or make changes to this bug.