Description of problem:
After updating glibc from 2.12.90-15 to 2.12.90-17, I can't run VirtualBox as a normal user:
VirtualBox: supR3HardenedMainGetTrustedMain: dlopen("/usr/lib64/virtualbox/VirtualBox.so",) failed: VBoxVMM.so: cannot open shared object file: No such file or directory
As root it runs fine.
Version-Release number of selected component (if applicable):
Name : glibc Relocations: (not relocatable)
Version : 2.12.90 Vendor: Fedora Project
Release : 17 Build Date: Tue Oct 19 16:27:47 2010
Install Date: Thu Oct 21 22:25:26 2010 Build Host: x86-06.phx2.fedoraproject.org
Group : System Environment/Libraries Source RPM: glibc-2.12.90-17.src.rpm
Size : 13295242 License: LGPLv2+ and LGPLv2+ with exceptions and GPLv2+
Signature : RSA/SHA256, Wed Oct 20 04:13:48 2010, Key ID 421caddb97a1071f
Packager : Fedora Project
URL : http://www.gnu.org/software/glibc/
Summary : The GNU libc libraries
Name : VirtualBox-OSE Relocations: (not relocatable)
Version : 3.2.6 Vendor: (none)
Release : 2.fc14 Build Date: Thu Oct 21 19:28:14 2010
Install Date: Thu Oct 21 19:31:54 2010 Build Host: localhost.localdomain
Group : Development/Tools Source RPM: VirtualBox-OSE-3.2.6-2.fc14.src.rpm
Size : 55899372 License: GPLv2 or (GPLv2 and CDDL)
Signature : (none)
URL : http://www.virtualbox.org/wiki/VirtualBox
Summary : A general-purpose full virtualizer for PC hardware
VirtualBox is from rpmfusion repositories, rebuilt manually with rpmbuild.
Steps to Reproduce:
1. Install updated glibc.
2. Install VirtualBox.
3. Try to run it.
It will not start as regulat user. Only as root.
VirtualBox should start.
I think this is due to fix of recent vulnerability in glibc (see CVE-2010-3847 and RHBZ #643306).
/usr/lib64/virtualbox/VirtualBox is a SUID root executable.
It wants to dlopen VirtualBox.so.
VirtualBox.so depends on finding VBoxVMM.so in the same directory. It has RPATH: [$ORIGIN].
So yes, it is related to the recent vulnerability fix. You should report it to the packager of VirtualBox-OSE. Note that the package is not included in Fedora.
(In reply to comment #1)
> /usr/lib64/virtualbox/VirtualBox is a SUID root executable.
> It wants to dlopen VirtualBox.so.
> VirtualBox.so depends on finding VBoxVMM.so in the same directory. It has
> RPATH: [$ORIGIN].
> So yes, it is related to the recent vulnerability fix. You should report it to
> the packager of VirtualBox-OSE. Note that the package is not included in
Thanks for your reply. I wrote bugreport in rpmfusion bugzilla: https://bugzilla.rpmfusion.org/show_bug.cgi?id=1465
Not a bug but a feature.