Message ID | 20201030223626.1918737-1-hjl.tools@gmail.com |
---|---|
State | New |
Headers | show |
Series | tst-setuid1-static-ENV: Add $(common-objpfx)nss [BZ #26820] | expand |
* H. J. Lu: > commit def674652eeac60c386d04733318b311f8a5b620 > Author: Florian Weimer <fweimer@redhat.com> > Date: Mon Apr 27 15:00:14 2020 +0200 > > nptl/tst-setuid1-static: Improve isolation from system objects > > Static dlopen needs an LD_LIBRARY_PATH setting to avoid loading system > libraries. > > missed $(common-objpfx)nss. Add $(common-objpfx)nss to LD_LIBRARY_PATH > for tst-setuid1-static to support > > struct passwd *pwd = getpwnam ("nobody"); > > in nptl/tst-setuid1.c. > --- > nptl/Makefile | 2 +- > 1 file changed, 1 insertion(+), 1 deletion(-) > > diff --git a/nptl/Makefile b/nptl/Makefile > index d47e8a81d9..f4134916b2 100644 > --- a/nptl/Makefile > +++ b/nptl/Makefile > @@ -614,7 +614,7 @@ tst-audit-threads-ENV = LD_AUDIT=$(objpfx)tst-audit-threads-mod1.so > # The test uses dlopen indirectly and would otherwise load system > # objects. > tst-setuid1-static-ENV = \ > - LD_LIBRARY_PATH=$(objpfx):$(common-objpfx):$(common-objpfx)elf > + LD_LIBRARY_PATH=$(objpfx):$(common-objpfx):$(common-objpfx)elf:$(common-objpfx)nss > > # The tests here better do not run in parallel. > ifeq ($(run-built-tests),yes) This looks incompletely to me still. nptl/tst-setuid1.c needs a a call to __nss_configure_lookup, to avoid picking up system NSS modules via /etc/nsswitch.conf. Thanks, Florian
On Mon, Nov 2, 2020 at 4:57 AM Florian Weimer <fweimer@redhat.com> wrote: > > * H. J. Lu: > > > commit def674652eeac60c386d04733318b311f8a5b620 > > Author: Florian Weimer <fweimer@redhat.com> > > Date: Mon Apr 27 15:00:14 2020 +0200 > > > > nptl/tst-setuid1-static: Improve isolation from system objects > > > > Static dlopen needs an LD_LIBRARY_PATH setting to avoid loading system > > libraries. > > > > missed $(common-objpfx)nss. Add $(common-objpfx)nss to LD_LIBRARY_PATH > > for tst-setuid1-static to support > > > > struct passwd *pwd = getpwnam ("nobody"); > > > > in nptl/tst-setuid1.c. > > --- > > nptl/Makefile | 2 +- > > 1 file changed, 1 insertion(+), 1 deletion(-) > > > > diff --git a/nptl/Makefile b/nptl/Makefile > > index d47e8a81d9..f4134916b2 100644 > > --- a/nptl/Makefile > > +++ b/nptl/Makefile > > @@ -614,7 +614,7 @@ tst-audit-threads-ENV = LD_AUDIT=$(objpfx)tst-audit-threads-mod1.so > > # The test uses dlopen indirectly and would otherwise load system > > # objects. > > tst-setuid1-static-ENV = \ > > - LD_LIBRARY_PATH=$(objpfx):$(common-objpfx):$(common-objpfx)elf > > + LD_LIBRARY_PATH=$(objpfx):$(common-objpfx):$(common-objpfx)elf:$(common-objpfx)nss > > > > # The tests here better do not run in parallel. > > ifeq ($(run-built-tests),yes) > > This looks incompletely to me still. nptl/tst-setuid1.c needs a a call > to __nss_configure_lookup, to avoid picking up system NSS modules via > /etc/nsswitch.conf. > This will hide: https://sourceware.org/bugzilla/show_bug.cgi?id=26825 I'd like to get it fixed first.
* H. J. Lu: > On Mon, Nov 2, 2020 at 4:57 AM Florian Weimer <fweimer@redhat.com> wrote: >> >> * H. J. Lu: >> >> > commit def674652eeac60c386d04733318b311f8a5b620 >> > Author: Florian Weimer <fweimer@redhat.com> >> > Date: Mon Apr 27 15:00:14 2020 +0200 >> > >> > nptl/tst-setuid1-static: Improve isolation from system objects >> > >> > Static dlopen needs an LD_LIBRARY_PATH setting to avoid loading system >> > libraries. >> > >> > missed $(common-objpfx)nss. Add $(common-objpfx)nss to LD_LIBRARY_PATH >> > for tst-setuid1-static to support >> > >> > struct passwd *pwd = getpwnam ("nobody"); >> > >> > in nptl/tst-setuid1.c. >> > --- >> > nptl/Makefile | 2 +- >> > 1 file changed, 1 insertion(+), 1 deletion(-) >> > >> > diff --git a/nptl/Makefile b/nptl/Makefile >> > index d47e8a81d9..f4134916b2 100644 >> > --- a/nptl/Makefile >> > +++ b/nptl/Makefile >> > @@ -614,7 +614,7 @@ tst-audit-threads-ENV = LD_AUDIT=$(objpfx)tst-audit-threads-mod1.so >> > # The test uses dlopen indirectly and would otherwise load system >> > # objects. >> > tst-setuid1-static-ENV = \ >> > - LD_LIBRARY_PATH=$(objpfx):$(common-objpfx):$(common-objpfx)elf >> > + LD_LIBRARY_PATH=$(objpfx):$(common-objpfx):$(common-objpfx)elf:$(common-objpfx)nss >> > >> > # The tests here better do not run in parallel. >> > ifeq ($(run-built-tests),yes) >> >> This looks incompletely to me still. nptl/tst-setuid1.c needs a a call >> to __nss_configure_lookup, to avoid picking up system NSS modules via >> /etc/nsswitch.conf. >> > > This will hide: > > https://sourceware.org/bugzilla/show_bug.cgi?id=26825 > > I'd like to get it fixed first. Okay, in this case, the patch is okay as posted. I suspect bug 26825 may not be easy to fix. Thanks, Florian
On Tue, Nov 3, 2020 at 10:02 AM Florian Weimer <fweimer@redhat.com> wrote: > > * H. J. Lu: > > > On Mon, Nov 2, 2020 at 4:57 AM Florian Weimer <fweimer@redhat.com> wrote: > >> > >> * H. J. Lu: > >> > >> > commit def674652eeac60c386d04733318b311f8a5b620 > >> > Author: Florian Weimer <fweimer@redhat.com> > >> > Date: Mon Apr 27 15:00:14 2020 +0200 > >> > > >> > nptl/tst-setuid1-static: Improve isolation from system objects > >> > > >> > Static dlopen needs an LD_LIBRARY_PATH setting to avoid loading system > >> > libraries. > >> > > >> > missed $(common-objpfx)nss. Add $(common-objpfx)nss to LD_LIBRARY_PATH > >> > for tst-setuid1-static to support > >> > > >> > struct passwd *pwd = getpwnam ("nobody"); > >> > > >> > in nptl/tst-setuid1.c. > >> > --- > >> > nptl/Makefile | 2 +- > >> > 1 file changed, 1 insertion(+), 1 deletion(-) > >> > > >> > diff --git a/nptl/Makefile b/nptl/Makefile > >> > index d47e8a81d9..f4134916b2 100644 > >> > --- a/nptl/Makefile > >> > +++ b/nptl/Makefile > >> > @@ -614,7 +614,7 @@ tst-audit-threads-ENV = LD_AUDIT=$(objpfx)tst-audit-threads-mod1.so > >> > # The test uses dlopen indirectly and would otherwise load system > >> > # objects. > >> > tst-setuid1-static-ENV = \ > >> > - LD_LIBRARY_PATH=$(objpfx):$(common-objpfx):$(common-objpfx)elf > >> > + LD_LIBRARY_PATH=$(objpfx):$(common-objpfx):$(common-objpfx)elf:$(common-objpfx)nss > >> > > >> > # The tests here better do not run in parallel. > >> > ifeq ($(run-built-tests),yes) > >> > >> This looks incompletely to me still. nptl/tst-setuid1.c needs a a call > >> to __nss_configure_lookup, to avoid picking up system NSS modules via > >> /etc/nsswitch.conf. > >> > > > > This will hide: > > > > https://sourceware.org/bugzilla/show_bug.cgi?id=26825 > > > > I'd like to get it fixed first. > > Okay, in this case, the patch is okay as posted. I will check it in. > I suspect bug 26825 may not be easy to fix. > It looks like it. Fortunately, it only impacts dlopen failures in static executables. Thanks.
diff --git a/nptl/Makefile b/nptl/Makefile index d47e8a81d9..f4134916b2 100644 --- a/nptl/Makefile +++ b/nptl/Makefile @@ -614,7 +614,7 @@ tst-audit-threads-ENV = LD_AUDIT=$(objpfx)tst-audit-threads-mod1.so # The test uses dlopen indirectly and would otherwise load system # objects. tst-setuid1-static-ENV = \ - LD_LIBRARY_PATH=$(objpfx):$(common-objpfx):$(common-objpfx)elf + LD_LIBRARY_PATH=$(objpfx):$(common-objpfx):$(common-objpfx)elf:$(common-objpfx)nss # The tests here better do not run in parallel. ifeq ($(run-built-tests),yes)