Description of problem: After updating glibc from 2.12.90-15 to 2.12.90-17, I can't run VirtualBox as a normal user: $ VirtualBox VirtualBox: supR3HardenedMainGetTrustedMain: dlopen("/usr/lib64/virtualbox/VirtualBox.so",) failed: VBoxVMM.so: cannot open shared object file: No such file or directory As root it runs fine. Version-Release number of selected component (if applicable): Name : glibc Relocations: (not relocatable) Version : 2.12.90 Vendor: Fedora Project Release : 17 Build Date: Tue Oct 19 16:27:47 2010 Install Date: Thu Oct 21 22:25:26 2010 Build Host: x86-06.phx2.fedoraproject.org Group : System Environment/Libraries Source RPM: glibc-2.12.90-17.src.rpm Size : 13295242 License: LGPLv2+ and LGPLv2+ with exceptions and GPLv2+ Signature : RSA/SHA256, Wed Oct 20 04:13:48 2010, Key ID 421caddb97a1071f Packager : Fedora Project URL : http://www.gnu.org/software/glibc/ Summary : The GNU libc libraries Name : VirtualBox-OSE Relocations: (not relocatable) Version : 3.2.6 Vendor: (none) Release : 2.fc14 Build Date: Thu Oct 21 19:28:14 2010 Install Date: Thu Oct 21 19:31:54 2010 Build Host: localhost.localdomain Group : Development/Tools Source RPM: VirtualBox-OSE-3.2.6-2.fc14.src.rpm Size : 55899372 License: GPLv2 or (GPLv2 and CDDL) Signature : (none) URL : http://www.virtualbox.org/wiki/VirtualBox Summary : A general-purpose full virtualizer for PC hardware VirtualBox is from rpmfusion repositories, rebuilt manually with rpmbuild. How reproducible: Always. Steps to Reproduce: 1. Install updated glibc. 2. Install VirtualBox. 3. Try to run it. Actual results: It will not start as regulat user. Only as root. Expected results: VirtualBox should start. Additional info: I think this is due to fix of recent vulnerability in glibc (see CVE-2010-3847 and RHBZ #643306).
/usr/lib64/virtualbox/VirtualBox is a SUID root executable. It wants to dlopen VirtualBox.so. VirtualBox.so depends on finding VBoxVMM.so in the same directory. It has RPATH: [$ORIGIN]. So yes, it is related to the recent vulnerability fix. You should report it to the packager of VirtualBox-OSE. Note that the package is not included in Fedora. (CANTFIX?)
(In reply to comment #1) > /usr/lib64/virtualbox/VirtualBox is a SUID root executable. > It wants to dlopen VirtualBox.so. > VirtualBox.so depends on finding VBoxVMM.so in the same directory. It has > RPATH: [$ORIGIN]. > So yes, it is related to the recent vulnerability fix. You should report it to > the packager of VirtualBox-OSE. Note that the package is not included in > Fedora. > (CANTFIX?) Thanks for your reply. I wrote bugreport in rpmfusion bugzilla: https://bugzilla.rpmfusion.org/show_bug.cgi?id=1465
Not a bug but a feature.