Description of problem:
When a statically linked executable is run with glibc secure mode, it segfaults before reaching main(). glibc secure mode is enabled for SUID/SGID programs, or when the SELinux policy for the program does not allow the "noatsecure" permission.

I found this bug while using the distributed compiler icecream, whose icecc-create-env script runs confined by SELinux and calls ldconfig (statically linked).

Version-Release number of selected component (if applicable):
glibc-2.10.90-24.x86_64

How reproducible:
always

Steps to Reproduce:
1. Get a statically linked binary (just copy /sbin/ldconfig somewhere).
2. Set the SUID bit for the binary (chmod u+s the_binary).
3. Run the binary as a different user.

Actual results:
The binary crashes with Segmentation fault (SIGSEGV).

Expected results:
The binary should not crash.

Additional info:
Using gdb on the crashing ldconfig showed me there is a problem in elf/dl-support.c:_dl_non_dynamic_init() here:

    /* In secure mode, unset every variable in the NUL-separated
       unsecure_envvars list; __rawmemchr finds the end of each name. */
    const char *cp = unsecure_envvars;
    while (cp < unsecure_envvars + sizeof (unsecure_envvars))
      {
        __unsetenv (cp);
        cp = (const char *) __rawmemchr (cp, '\0') + 1;
      }

The __rawmemchr function is not really called. Instead the call leads to address 0x04002f8, which is just before _start (0x400300):

    (gdb) x/8i 0x00000000004002f8
    0x4002f8:            add    %al,(%rax)
    0x4002fa:            add    %al,(%rax)
    0x4002fc:            add    %al,(%rax)
    0x4002fe:            add    %al,(%rax)
    0x400300 <_start>:   xor    %ebp,%ebp
    0x400302 <_start+2>: mov    %rdx,%r9
    0x400305 <_start+5>: pop    %rsi
    0x400306 <_start+6>: mov    %rsp,%rdx
The IPLT relocations are applied too late; __libc_csu_init is called after __libc_init_first.
This bug appears to have been reported against 'rawhide' during the Fedora 12 development cycle. Changing version to '12'. More information and reason for this action is here: http://fedoraproject.org/wiki/BugZappers/HouseKeeping
Fixed upstream. Can easily be backported but all statically linked code affected by this must be relinked.
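Added example, not code from the bug report or from glibc: a Python helper that inventories the binaries this report and the relinking note above concern, i.e. set-uid/set-gid executables that are statically linked (no PT_INTERP program header), so an administrator can list what enters secure mode without a dynamic loader and must be relinked after the glibc update. The make_elf64 constructor only builds synthetic test images (an assumption for self-testing, not a real binary layout).

```python
# Added inventory helper (not from the bug report or glibc): list set-uid /
# set-gid executables that are statically linked, i.e. binaries that enter
# glibc secure mode without a dynamic loader and need relinking.
import os, stat, struct

PT_INTERP = 3                 # program header type of the interpreter path
ELF_MAGIC = b"\x7fELF"


def is_static_elf(data: bytes) -> bool:
    """True if the ELF image has no PT_INTERP header (ELF32/64, any endian)."""
    if len(data) < 52 or data[:4] != ELF_MAGIC:
        raise ValueError("not an ELF image")
    end = "<" if data[5] == 1 else ">"                  # EI_DATA
    if data[4] == 2:                                    # EI_CLASS: ELF64
        e_phoff = struct.unpack_from(end + "Q", data, 32)[0]
        e_phentsize, e_phnum = struct.unpack_from(end + "HH", data, 54)
    else:                                               # ELF32
        e_phoff = struct.unpack_from(end + "I", data, 28)[0]
        e_phentsize, e_phnum = struct.unpack_from(end + "HH", data, 42)
    for i in range(e_phnum):          # struct.error if the table is cut off
        if struct.unpack_from(end + "I", data, e_phoff + i * e_phentsize)[0] == PT_INTERP:
            return False
    return True


def setuid_static_binaries(root: str) -> list:
    """Walk `root`; return sorted paths of set-uid/set-gid static ELF files."""
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            try:
                st = os.lstat(path)
                if stat.S_ISREG(st.st_mode) and st.st_mode & (stat.S_ISUID | stat.S_ISGID):
                    with open(path, "rb") as fh:
                        data = fh.read()
                    if data[:4] == ELF_MAGIC and is_static_elf(data):
                        hits.append(path)
            except (OSError, ValueError, struct.error):   # unreadable/malformed
                pass
    return sorted(hits)


def make_elf64(with_interp: bool) -> bytes:
    """Constructed minimal ELF64 image (test data only): one PT_LOAD header,
    preceded by a PT_INTERP header when with_interp is set."""
    phdrs = [(1, 5, 0, 0x400000, 0x400000, 0x1000, 0x1000, 0x1000)]
    if with_interp:
        phdrs.insert(0, (PT_INTERP, 4, 0x200, 0x400200, 0x400200, 0x1c, 0x1c, 1))
    ident = ELF_MAGIC + bytes([2, 1, 1, 0]) + bytes(8)  # ELF64, LE, version 1
    hdr = struct.pack("<16sHHIQQQIHHHHHH", ident, 2, 62, 1, 0x400300,
                      64, 0, 0, 64, 56, len(phdrs), 64, 0, 0)
    return hdr + b"".join(struct.pack("<IIQQQQQQ", *p) for p in phdrs)
```

Run `setuid_static_binaries("/")` as root to scan a whole system; the ldconfig copy from the reproduction steps shows up in the result.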
Created attachment 373677: patch for F-12

Thank you Ulrich. I tested the patch on F-12's glibc and it works. ldconfig segfaults no more. I'm attaching it. Andreas, would you apply it to F-12? Personally I'd just like ldconfig fixed, and ldconfig is a part of the glibc package itself.
glibc-2.11-4 has been submitted as an update for Fedora 12. http://admin.fedoraproject.org/updates/glibc-2.11-4
glibc-2.11-4 has been pushed to the Fedora 12 testing repository. If problems still persist, please make note of it in this bug report. If you want to test the update, you can install it with su -c 'yum --enablerepo=updates-testing update glibc'. You can provide feedback for this update here: http://admin.fedoraproject.org/updates/F12/FEDORA-2009-12470
glibc-2.11.1-1 has been pushed to the Fedora 12 testing repository. If problems still persist, please make note of it in this bug report. If you want to test the update, you can install it with su -c 'yum --enablerepo=updates-testing update glibc'. You can provide feedback for this update here: http://admin.fedoraproject.org/updates/F12/FEDORA-2009-12470
glibc-2.11.1-1 has been pushed to the Fedora 12 stable repository. If problems still persist, please make note of it in this bug report.