Bug 645500 - glibc update 2.12.90-15 -> 2.12.90-17 breaks VirtualBox
Summary: glibc update 2.12.90-15 -> 2.12.90-17 breaks VirtualBox
Keywords:
Status: CLOSED NOTABUG
Alias: None
Product: Fedora
Classification: Fedora
Component: glibc
Version: 14
Hardware: x86_64
OS: Linux
low
medium
Target Milestone: ---
Assignee: Andreas Schwab
QA Contact: Fedora Extras Quality Assurance
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2010-10-21 16:39 UTC by Ivan Mironov
Modified: 2016-11-24 15:48 UTC (History)
4 users (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2010-10-22 09:24:16 UTC
Type: ---
Embargoed:

Attachments (Terms of Use)

Description Ivan Mironov 2010-10-21 16:39:34 UTC 
Description of problem:
After updating glibc from 2.12.90-15 to 2.12.90-17, I can't run VirtualBox as a normal user:

$ VirtualBox 
VirtualBox: supR3HardenedMainGetTrustedMain: dlopen("/usr/lib64/virtualbox/VirtualBox.so",) failed: VBoxVMM.so: cannot open shared object file: No such file or directory

As root it runs fine.

Version-Release number of selected component (if applicable):
Name        : glibc                        Relocations: (not relocatable)
Version     : 2.12.90                           Vendor: Fedora Project
Release     : 17                            Build Date: Tue Oct 19 16:27:47 2010
Install Date: Thu Oct 21 22:25:26 2010         Build Host: x86-06.phx2.fedoraproject.org
Group       : System Environment/Libraries   Source RPM: glibc-2.12.90-17.src.rpm
Size        : 13295242                         License: LGPLv2+ and LGPLv2+ with exceptions and GPLv2+
Signature   : RSA/SHA256, Wed Oct 20 04:13:48 2010, Key ID 421caddb97a1071f
Packager    : Fedora Project
URL         : http://www.gnu.org/software/glibc/
Summary     : The GNU libc libraries

Name        : VirtualBox-OSE               Relocations: (not relocatable)
Version     : 3.2.6                             Vendor: (none)
Release     : 2.fc14                        Build Date: Thu Oct 21 19:28:14 2010
Install Date: Thu Oct 21 19:31:54 2010         Build Host: localhost.localdomain
Group       : Development/Tools             Source RPM: VirtualBox-OSE-3.2.6-2.fc14.src.rpm
Size        : 55899372                         License: GPLv2 or (GPLv2 and CDDL)
Signature   : (none)
URL         : http://www.virtualbox.org/wiki/VirtualBox
Summary     : A general-purpose full virtualizer for PC hardware

VirtualBox is from rpmfusion repositories, rebuilt manually with rpmbuild.

How reproducible:
Always.

Steps to Reproduce:
1. Install updated glibc.
2. Install VirtualBox.
3. Try to run it.
  
Actual results:
It will not start as regulat user. Only as root.

Expected results:
VirtualBox should start.

Additional info:
I think this is due to fix of recent vulnerability in glibc (see CVE-2010-3847 and RHBZ #643306).
Comment 1 Michal Schmidt 2010-10-21 20:29:23 UTC 
/usr/lib64/virtualbox/VirtualBox is a SUID root executable.
It wants to dlopen VirtualBox.so.
VirtualBox.so depends on finding VBoxVMM.so in the same directory. It has RPATH: [$ORIGIN].
So yes, it is related to the recent vulnerability fix. You should report it to the packager of VirtualBox-OSE. Note that the package is not included in Fedora.
(CANTFIX?)
Comment 2 Ivan Mironov 2010-10-21 20:55:32 UTC 
(In reply to comment #1)
> /usr/lib64/virtualbox/VirtualBox is a SUID root executable.
> It wants to dlopen VirtualBox.so.
> VirtualBox.so depends on finding VBoxVMM.so in the same directory. It has
> RPATH: [$ORIGIN].
> So yes, it is related to the recent vulnerability fix. You should report it to
> the packager of VirtualBox-OSE. Note that the package is not included in
> Fedora.
> (CANTFIX?)

Thanks for your reply. I wrote bugreport in rpmfusion bugzilla: https://bugzilla.rpmfusion.org/show_bug.cgi?id=1465
Comment 3 Andreas Schwab 2010-10-22 09:24:16 UTC 
Not a bug but a feature.
Note You need to log in before you can comment on or make changes to this bug.