Description of problem:
When aide calls "prelink --verify" on a binary, the parent directory's mtime is changed (because prelink --verify writes a temporary file into the parent directory, and then deletes it)

Version-Release number of selected component (if applicable):
0.14-3 (note, I actually used the SRPM to back-port this version of aide to RHEL 5)

How reproducible:
Always

Steps to Reproduce:
1. build the aide database
2. run the prelinker
3. run an aide check -- you'll see various directories reported as changed

Actual results:
many directories containing binaries will be reported as changed

Expected results:
Nothing should be reported as changed

Additional info:
This request was evaluated by Red Hat Product Management for inclusion in the current release of Red Hat Enterprise Linux. Because the affected component is not scheduled to be updated in the current release, Red Hat is unfortunately unable to address this request at this time. Red Hat invites you to ask your support representative to propose this request, if appropriate and relevant, in the next release of Red Hat Enterprise Linux. If you would like it considered as an exception in the current release, please ask your support representative.
This request was evaluated by Red Hat Product Management for inclusion in the current release of Red Hat Enterprise Linux. Because the affected component is not scheduled to be updated in the current release, Red Hat is unfortunately unable to address this request at this time. It has been proposed for the next release. If you would like it considered as an exception in the current release, please ask your support representative.
This request was not resolved in time for the current release. Red Hat invites you to ask your support representative to propose this request, if still desired, for consideration in the next release of Red Hat Enterprise Linux.
This request was erroneously removed from consideration in Red Hat Enterprise Linux 6.4, which is currently under development. This request will be evaluated for inclusion in Red Hat Enterprise Linux 6.4.
Changing component to prelink as this looks like a bug in prelink.
This request was evaluated by Red Hat Product Management for inclusion in the current release of Red Hat Enterprise Linux. Because the affected component is not scheduled to be updated in the current release, Red Hat is unable to address this request at this time. Red Hat invites you to ask your support representative to propose this request, if appropriate, in the next release of Red Hat Enterprise Linux.
Created attachment 659597
A partial fix for the prelink verify/directory modification problem

I made a trivial patch for the issue of prelink --verify modifying directories. It simply allows specifying the base pathnames (using the -o flag) for the temporary files created during the verify process. It's only a partial fix, though, as it doesn't work properly for dependencies specified with relative paths. For example:

# ldd appletviewer
        linux-vdso.so.1 => (0x00007fff2d88d000)
        libz.so.1 => /lib64/libz.so.1 (0x0000003531000000)
        libpthread.so.0 => /lib64/libpthread.so.0 (0x0000003530c00000)
        libX11.so.6 => /usr/lib64/libX11.so.6 (0x0000003532800000)
        libjli.so => /usr/lib/jvm/java-1.6.0-openjdk-1.6.0.0.x86_64/bin/./../jre/lib/amd64/jli/libjli.so (0x0000003530400000)
        libdl.so.2 => /lib64/libdl.so.2 (0x0000003530800000)
        libc.so.6 => /lib64/libc.so.6 (0x0000003530000000)
        /lib64/ld-linux-x86-64.so.2 (0x000000352fc00000)
        libxcb.so.1 => /usr/lib64/libxcb.so.1 (0x0000003533000000)
        libXau.so.6 => /usr/lib64/libXau.so.6 (0x0000003532c00000)
# prelink -o /tmp/verify --verify appletviewer
prelink: /tmp/verify.#prelink#.yh3rOP: Recorded 9 dependencies, now seeing -1

This is because libjli.so is specified with a relative path, so depends on the executable being in /usr/lib/jvm/java-1.6.0-openjdk-1.6.0.0.x86_64/bin (for the case here).
That sounds like a flaw in aide, trying to verify something that really doesn't make sense to verify. prelink has to put the temporary files into the same directory as the libraries resp. programs for --verify, otherwise the dynamic linker could not find the right dependencies which can be relative to that (DT_RPATH, DT_RUNPATH etc.). If you don't want to modify the directory, you can only use prelink --undo -o - or similar, which isn't as strong verification as --verify, but doesn't need to write into the same directory.
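The side effect discussed in this report, reproduced without prelink as an added example (not part of the bug thread and not aide or prelink code): creating and deleting a temporary file beside a binary moves only the directory's timestamps, which a checker can separate from real content changes. The helpers `snapshot`, `simulate_verify` and `classify` are hypothetical names, and the directory tree and file bytes are constructed.

```python
import hashlib
import os
import tempfile

def snapshot(root):
    """Record directory timestamps and entry names, plus SHA-256 of each file."""
    snap = {}
    for dirpath, dirnames, filenames in os.walk(root):
        st = os.stat(dirpath)
        entries = tuple(sorted(dirnames + filenames))
        snap[dirpath] = ("dir", st.st_mtime_ns, st.st_ctime_ns, entries)
        for name in filenames:
            path = os.path.join(dirpath, name)
            with open(path, "rb") as fh:
                snap[path] = ("file", hashlib.sha256(fh.read()).hexdigest())
    return snap

def simulate_verify(binary, tmp_base=None):
    """Stand-in for the side effect: temp file beside the binary or under tmp_base."""
    target_dir = tmp_base or os.path.dirname(binary)
    fd, tmp = tempfile.mkstemp(prefix="verify.#prelink#.", dir=target_dir)
    os.close(fd)
    os.unlink(tmp)

def classify(before, after):
    """Return (directories with timestamp-only changes, real changes)."""
    meta_only, real = [], []
    for path in sorted(set(before) | set(after)):
        old, new = before.get(path), after.get(path)
        if old == new:
            continue
        same_entries = old and new and old[0] == new[0] == "dir" and old[3] == new[3]
        (meta_only if same_entries else real).append(path)
    return meta_only, real

def demo():
    with tempfile.TemporaryDirectory() as root, tempfile.TemporaryDirectory() as scratch:
        bindir = os.path.join(root, "bin")
        os.mkdir(bindir)
        binary = os.path.join(bindir, "appletviewer")
        with open(binary, "wb") as fh:
            fh.write(b"\x7fELF constructed sample bytes")  # constructed, not a real ELF
        os.utime(bindir, (1_000_000_000, 1_000_000_000))  # old mtime so any update shows
        base = snapshot(root)
        simulate_verify(binary, tmp_base=scratch)  # temp file outside the tree
        elsewhere = classify(base, snapshot(root))
        simulate_verify(binary)  # temp file beside the binary
        in_place = classify(base, snapshot(root))
        return {"bindir": bindir, "elsewhere": elsewhere, "in_place": in_place}
```

`demo()` reports no differences when the temporary file lives outside the tree, and a timestamp-only change on the `bin` directory, with the file hash untouched, when it is created beside the binary.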
*** Bug 950625 has been marked as a duplicate of this bug. ***