| Message ID | 20201030223626.1918737-1-hjl.tools@gmail.com |
|---|---|
| State | Committed |
| Commit | fbb71eddb3b392982df12ba432d19f347c3799f6 |
| Headers |
Return-Path: <libc-alpha-bounces@sourceware.org> X-Original-To: patchwork@sourceware.org Delivered-To: patchwork@sourceware.org Received: from server2.sourceware.org (localhost [IPv6:::1]) by sourceware.org (Postfix) with ESMTP id 301FD3857008; Fri, 30 Oct 2020 22:36:45 +0000 (GMT) DKIM-Filter: OpenDKIM Filter v2.11.0 sourceware.org 301FD3857008 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=sourceware.org; s=default; t=1604097405; bh=52QvrCOM4Dj2RlUu5FDuJtKTzoT8q/ipspevND9KvDc=; h=To:Subject:Date:List-Id:List-Unsubscribe:List-Archive:List-Post: List-Help:List-Subscribe:From:Reply-To:Cc:From; b=AbYKWyWVeEJF0spaKp/E2kmeSH8DmP/SUvCXNnE1dpDf9CZbYjg1vd56zl28T8vVx d0QJPs5jWHN6rN+qo9RIQRmHVbLhDEl+aAy6daMU7k+ax7ppzIQpkdtBZmOzdqkpt/ 4ix4Vm5w0X+0uXhWTDwMyossoPLhTy2ahpcTZzUo= X-Original-To: libc-alpha@sourceware.org Delivered-To: libc-alpha@sourceware.org Received: from mail-pg1-x52e.google.com (mail-pg1-x52e.google.com [IPv6:2607:f8b0:4864:20::52e]) by sourceware.org (Postfix) with ESMTPS id 33BEA3857802 for <libc-alpha@sourceware.org>; Fri, 30 Oct 2020 22:36:40 +0000 (GMT) DMARC-Filter: OpenDMARC Filter v1.3.2 sourceware.org 33BEA3857802 Received: by mail-pg1-x52e.google.com with SMTP id r186so6423707pgr.0 for <libc-alpha@sourceware.org>; Fri, 30 Oct 2020 15:36:40 -0700 (PDT) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:mime-version :content-transfer-encoding; bh=52QvrCOM4Dj2RlUu5FDuJtKTzoT8q/ipspevND9KvDc=; b=Gz1YC9uFqhumkRTkEY4+qazBXDmSFZ2b33NidYXhUB6YdDh55yjKtr3vTCV7mQu3zh Ber8j9LN42xWWKWTaSm3HVU7kHEJ6K0+TJZU8pWrNIre47J+FwZAwfHwcypZs8CGXrMV 5o8BsyMchRRg8qHilp9a+nX7QYQk9Y/xO/gotbsUhERAYTQbNzGpRJgLWlJflIeIWVxc A6EPuVgxVKW0Rhqazg25h3K1VvspPf8TLKHVEQkh5MUm+g6kIGPRPp2qNNZyCobrlgje AcEx0RN5T/Oy7qYBuO7fRnFIY6P3Zjcvpb3DTL0LmYdw7wMJDvYBZdznZ52Ae5Ohc+Vt U9yw== X-Gm-Message-State: AOAM531ZVoZZSO17h1rcjSTUdBh+GgJ65EBT4ZKr2yrWFh3Hwr7YDW3R XTeBHcM+kMtzs9VCCJdu+8rVn9dlAp8= X-Google-Smtp-Source: ABdhPJxD0Noccj2ClLjh9F5igj6AzSNJTIC0dNSiwSzG5RWiXoz1GYCScVRQBZw+UM+3L55Xs45oEw== X-Received: by 2002:a17:90b:807:: with SMTP id bk7mr5293595pjb.166.1604097399332; Fri, 30 Oct 2020 15:36:39 -0700 (PDT) Received: from gnu-cfl-2.localdomain (c-69-181-90-243.hsd1.ca.comcast.net. [69.181.90.243]) by smtp.gmail.com with ESMTPSA id v7sm6650709pfn.213.2020.10.30.15.36.38 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Fri, 30 Oct 2020 15:36:38 -0700 (PDT) Received: from gnu-cfl-2.localdomain (localhost [IPv6:::1]) by gnu-cfl-2.localdomain (Postfix) with ESMTP id 636271A013F; Fri, 30 Oct 2020 15:36:31 -0700 (PDT) To: libc-alpha@sourceware.org Subject: [PATCH] tst-setuid1-static-ENV: Add $(common-objpfx)nss [BZ #26820] Date: Fri, 30 Oct 2020 15:36:26 -0700 Message-Id: <20201030223626.1918737-1-hjl.tools@gmail.com> X-Mailer: git-send-email 2.28.0 MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Spam-Status: No, score=-3041.0 required=5.0 tests=BAYES_00, DKIM_SIGNED, DKIM_VALID, DKIM_VALID_AU, DKIM_VALID_EF, FREEMAIL_FROM, GIT_PATCH_0, RCVD_IN_DNSWL_NONE, SPF_HELO_NONE, SPF_PASS, TXREP autolearn=ham autolearn_force=no version=3.4.2 X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on server2.sourceware.org X-BeenThere: libc-alpha@sourceware.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: Libc-alpha mailing list <libc-alpha.sourceware.org> List-Unsubscribe: <https://sourceware.org/mailman/options/libc-alpha>, <mailto:libc-alpha-request@sourceware.org?subject=unsubscribe> List-Archive: <https://sourceware.org/pipermail/libc-alpha/> List-Post: <mailto:libc-alpha@sourceware.org> List-Help: <mailto:libc-alpha-request@sourceware.org?subject=help> List-Subscribe: <https://sourceware.org/mailman/listinfo/libc-alpha>, <mailto:libc-alpha-request@sourceware.org?subject=subscribe> From: "H.J. Lu via Libc-alpha" <libc-alpha@sourceware.org> Reply-To: "H.J. Lu" <hjl.tools@gmail.com> Cc: Florian Weimer <fweimer@redhat.com> Errors-To: libc-alpha-bounces@sourceware.org Sender: "Libc-alpha" <libc-alpha-bounces@sourceware.org> |
| Series |
tst-setuid1-static-ENV: Add $(common-objpfx)nss [BZ #26820]
|
|
Commit Message
H.J. Lu
Oct. 30, 2020, 10:36 p.m. UTC
commit def674652eeac60c386d04733318b311f8a5b620
Author: Florian Weimer <fweimer@redhat.com>
Date: Mon Apr 27 15:00:14 2020 +0200
nptl/tst-setuid1-static: Improve isolation from system objects
Static dlopen needs an LD_LIBRARY_PATH setting to avoid loading system
libraries.
missed $(common-objpfx)nss. Add $(common-objpfx)nss to LD_LIBRARY_PATH
for tst-setuid1-static to support
struct passwd *pwd = getpwnam ("nobody");
in nptl/tst-setuid1.c.
---
nptl/Makefile | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
Comments
* H. J. Lu: > commit def674652eeac60c386d04733318b311f8a5b620 > Author: Florian Weimer <fweimer@redhat.com> > Date: Mon Apr 27 15:00:14 2020 +0200 > > nptl/tst-setuid1-static: Improve isolation from system objects > > Static dlopen needs an LD_LIBRARY_PATH setting to avoid loading system > libraries. > > missed $(common-objpfx)nss. Add $(common-objpfx)nss to LD_LIBRARY_PATH > for tst-setuid1-static to support > > struct passwd *pwd = getpwnam ("nobody"); > > in nptl/tst-setuid1.c. > --- > nptl/Makefile | 2 +- > 1 file changed, 1 insertion(+), 1 deletion(-) > > diff --git a/nptl/Makefile b/nptl/Makefile > index d47e8a81d9..f4134916b2 100644 > --- a/nptl/Makefile > +++ b/nptl/Makefile > @@ -614,7 +614,7 @@ tst-audit-threads-ENV = LD_AUDIT=$(objpfx)tst-audit-threads-mod1.so > # The test uses dlopen indirectly and would otherwise load system > # objects. > tst-setuid1-static-ENV = \ > - LD_LIBRARY_PATH=$(objpfx):$(common-objpfx):$(common-objpfx)elf > + LD_LIBRARY_PATH=$(objpfx):$(common-objpfx):$(common-objpfx)elf:$(common-objpfx)nss > > # The tests here better do not run in parallel. > ifeq ($(run-built-tests),yes) This looks incompletely to me still. nptl/tst-setuid1.c needs a a call to __nss_configure_lookup, to avoid picking up system NSS modules via /etc/nsswitch.conf. Thanks, Florian
On Mon, Nov 2, 2020 at 4:57 AM Florian Weimer <fweimer@redhat.com> wrote: > > * H. J. Lu: > > > commit def674652eeac60c386d04733318b311f8a5b620 > > Author: Florian Weimer <fweimer@redhat.com> > > Date: Mon Apr 27 15:00:14 2020 +0200 > > > > nptl/tst-setuid1-static: Improve isolation from system objects > > > > Static dlopen needs an LD_LIBRARY_PATH setting to avoid loading system > > libraries. > > > > missed $(common-objpfx)nss. Add $(common-objpfx)nss to LD_LIBRARY_PATH > > for tst-setuid1-static to support > > > > struct passwd *pwd = getpwnam ("nobody"); > > > > in nptl/tst-setuid1.c. > > --- > > nptl/Makefile | 2 +- > > 1 file changed, 1 insertion(+), 1 deletion(-) > > > > diff --git a/nptl/Makefile b/nptl/Makefile > > index d47e8a81d9..f4134916b2 100644 > > --- a/nptl/Makefile > > +++ b/nptl/Makefile > > @@ -614,7 +614,7 @@ tst-audit-threads-ENV = LD_AUDIT=$(objpfx)tst-audit-threads-mod1.so > > # The test uses dlopen indirectly and would otherwise load system > > # objects. > > tst-setuid1-static-ENV = \ > > - LD_LIBRARY_PATH=$(objpfx):$(common-objpfx):$(common-objpfx)elf > > + LD_LIBRARY_PATH=$(objpfx):$(common-objpfx):$(common-objpfx)elf:$(common-objpfx)nss > > > > # The tests here better do not run in parallel. > > ifeq ($(run-built-tests),yes) > > This looks incompletely to me still. nptl/tst-setuid1.c needs a a call > to __nss_configure_lookup, to avoid picking up system NSS modules via > /etc/nsswitch.conf. > This will hide: https://sourceware.org/bugzilla/show_bug.cgi?id=26825 I'd like to get it fixed first.
* H. J. Lu: > On Mon, Nov 2, 2020 at 4:57 AM Florian Weimer <fweimer@redhat.com> wrote: >> >> * H. J. Lu: >> >> > commit def674652eeac60c386d04733318b311f8a5b620 >> > Author: Florian Weimer <fweimer@redhat.com> >> > Date: Mon Apr 27 15:00:14 2020 +0200 >> > >> > nptl/tst-setuid1-static: Improve isolation from system objects >> > >> > Static dlopen needs an LD_LIBRARY_PATH setting to avoid loading system >> > libraries. >> > >> > missed $(common-objpfx)nss. Add $(common-objpfx)nss to LD_LIBRARY_PATH >> > for tst-setuid1-static to support >> > >> > struct passwd *pwd = getpwnam ("nobody"); >> > >> > in nptl/tst-setuid1.c. >> > --- >> > nptl/Makefile | 2 +- >> > 1 file changed, 1 insertion(+), 1 deletion(-) >> > >> > diff --git a/nptl/Makefile b/nptl/Makefile >> > index d47e8a81d9..f4134916b2 100644 >> > --- a/nptl/Makefile >> > +++ b/nptl/Makefile >> > @@ -614,7 +614,7 @@ tst-audit-threads-ENV = LD_AUDIT=$(objpfx)tst-audit-threads-mod1.so >> > # The test uses dlopen indirectly and would otherwise load system >> > # objects. >> > tst-setuid1-static-ENV = \ >> > - LD_LIBRARY_PATH=$(objpfx):$(common-objpfx):$(common-objpfx)elf >> > + LD_LIBRARY_PATH=$(objpfx):$(common-objpfx):$(common-objpfx)elf:$(common-objpfx)nss >> > >> > # The tests here better do not run in parallel. >> > ifeq ($(run-built-tests),yes) >> >> This looks incompletely to me still. nptl/tst-setuid1.c needs a a call >> to __nss_configure_lookup, to avoid picking up system NSS modules via >> /etc/nsswitch.conf. >> > > This will hide: > > https://sourceware.org/bugzilla/show_bug.cgi?id=26825 > > I'd like to get it fixed first. Okay, in this case, the patch is okay as posted. I suspect bug 26825 may not be easy to fix. Thanks, Florian
On Tue, Nov 3, 2020 at 10:02 AM Florian Weimer <fweimer@redhat.com> wrote: > > * H. J. Lu: > > > On Mon, Nov 2, 2020 at 4:57 AM Florian Weimer <fweimer@redhat.com> wrote: > >> > >> * H. J. Lu: > >> > >> > commit def674652eeac60c386d04733318b311f8a5b620 > >> > Author: Florian Weimer <fweimer@redhat.com> > >> > Date: Mon Apr 27 15:00:14 2020 +0200 > >> > > >> > nptl/tst-setuid1-static: Improve isolation from system objects > >> > > >> > Static dlopen needs an LD_LIBRARY_PATH setting to avoid loading system > >> > libraries. > >> > > >> > missed $(common-objpfx)nss. Add $(common-objpfx)nss to LD_LIBRARY_PATH > >> > for tst-setuid1-static to support > >> > > >> > struct passwd *pwd = getpwnam ("nobody"); > >> > > >> > in nptl/tst-setuid1.c. > >> > --- > >> > nptl/Makefile | 2 +- > >> > 1 file changed, 1 insertion(+), 1 deletion(-) > >> > > >> > diff --git a/nptl/Makefile b/nptl/Makefile > >> > index d47e8a81d9..f4134916b2 100644 > >> > --- a/nptl/Makefile > >> > +++ b/nptl/Makefile > >> > @@ -614,7 +614,7 @@ tst-audit-threads-ENV = LD_AUDIT=$(objpfx)tst-audit-threads-mod1.so > >> > # The test uses dlopen indirectly and would otherwise load system > >> > # objects. > >> > tst-setuid1-static-ENV = \ > >> > - LD_LIBRARY_PATH=$(objpfx):$(common-objpfx):$(common-objpfx)elf > >> > + LD_LIBRARY_PATH=$(objpfx):$(common-objpfx):$(common-objpfx)elf:$(common-objpfx)nss > >> > > >> > # The tests here better do not run in parallel. > >> > ifeq ($(run-built-tests),yes) > >> > >> This looks incompletely to me still. nptl/tst-setuid1.c needs a a call > >> to __nss_configure_lookup, to avoid picking up system NSS modules via > >> /etc/nsswitch.conf. > >> > > > > This will hide: > > > > https://sourceware.org/bugzilla/show_bug.cgi?id=26825 > > > > I'd like to get it fixed first. > > Okay, in this case, the patch is okay as posted. I will check it in. > I suspect bug 26825 may not be easy to fix. > It looks like it. Fortunately, it only impacts dlopen failures in static executables. Thanks.
diff --git a/nptl/Makefile b/nptl/Makefile index d47e8a81d9..f4134916b2 100644 --- a/nptl/Makefile +++ b/nptl/Makefile @@ -614,7 +614,7 @@ tst-audit-threads-ENV = LD_AUDIT=$(objpfx)tst-audit-threads-mod1.so # The test uses dlopen indirectly and would otherwise load system # objects. tst-setuid1-static-ENV = \ - LD_LIBRARY_PATH=$(objpfx):$(common-objpfx):$(common-objpfx)elf + LD_LIBRARY_PATH=$(objpfx):$(common-objpfx):$(common-objpfx)elf:$(common-objpfx)nss # The tests here better do not run in parallel. ifeq ($(run-built-tests),yes)