Bug 448594 - Use of file capabilities disables LD_LIBRARY_PATH
Use of file capabilities disables LD_LIBRARY_PATH
Status: CLOSED NOTABUG
Product: Fedora
Classification: Fedora
Component: libcap (Show other bugs)
9
All Linux
low Severity low
: ---
: ---
Assigned To: Karsten Hopp
Fedora Extras Quality Assurance
:
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2008-05-27 14:55 EDT by Kevin Arunski
Modified: 2008-05-28 05:11 EDT (History)
0 users

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2008-05-28 05:11:50 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description Kevin Arunski 2008-05-27 14:55:32 EDT
Description of problem:
If any file capabilities are set on an executable, the value of environment
variable LD_LIBRARY_PATH is ignored when that executable is run. 

Version-Release number of selected component (if applicable):
kernel-2.6.25-14.fc9.x86_64
libcap-2.06-4.fc9.x86_64
glibc-2.8-3.x86_64

How reproducible:
Always

Steps to Reproduce:
1. Build a dynamic shared library. Link an executable to that shared library.
Verify that setting LD_LIBRARY_PATH to the directory holding the shared library
allows the executable to run even if the shared library is not in one of the
default search locations.
2. Set a file capability on the executable using setcap
3. The executable will no longer honor the LD_LIBRARY_PATH environment variable
when it is run.
4. Removing the file capabilities from the executable with the undocumented
setcap -r restores normal operation.
  
Actual results:
The executable is not correctly dynamically linked-- the value of
LD_LIBRARY_PATH is ignored.

Expected results:
The LD_LIBRARY_PATH environment variable should work as expected even though the
file has capability flags set.

Additional info:
Comment 1 Karsten Hopp 2008-05-28 05:11:50 EDT
That's not a libcap bug but an intentional security feature of glibc. glibc
ignores LD_LIBRARY_PATH (and some other environment variables) when capabilities
are set as someone could overlay some of the functions which the executable
calls with malicious code to p.e. change passwords or whatever. All this would
be done with raised capabilities and would be a major security issue.

Note You need to log in before you can comment on or make changes to this bug.