[Bug 915995] Re: ldconfig makes system loader /lib/ld-linux.so.2 to be linked to 3rd party loaders in /lib directory

Duane Rezac duane.rezac.ctr at dla.mil
Thu Mar 7 13:04:03 UTC 2013 

Here is something I have discoverd with this bug.  The problem is caused
by ldconfig following a symbolic link that points to a symbolic link.
man ldconfig indicates that ldconfig should ignore symbolic links.  We
are running the McAfee Epo Ageent and LinuxShield. (we are also running
the McAfee product on Redhat 5-enterprise, and this problem does not
occur.)

In /lib,  ld-nails.so.2 and ld-mfert.so.2 are both symboic links that
point to a ld-linux.so.2 in McAfees /lib,  ld-linux.so.2 in the mcafee
libs are symbolic links to a mcafee lib.  For Example. ld-mfert.so.2 in
/lib points to /opt/McAfee/runtime/2.0/lib/ld-linux.so.2 which is a
symbolic link to /opt/McAfee/runtime/2.0/lib/ld-2.5.so

Output of ldconfig  -N -X  -v shows that ldconfig is linking ld-
linux.so.2 to /lib/ld-nails.so.2 or /llib/d-mfert.so.2.

ldconfig is following the symbolic link in /lib, and since the McAfee files contain the SONAME ld-linux.so.2, it links them to /lib
It appears that ldconfig is resolving the links, as the ld-linux.so.2 that it links in /lib  fromo the MacAfee file (in this case ld-mfert.so.2) will point to /opt/McAfee/runtime/2.0/lib/ld-2.5.so 


Note: once your system has been corrupted, an easy fix is to boot with a live cd, mount the root file system (for example, to /mnt/fubarroot)  then use copy -P to copy /lib/ld-linux.so.2 from the live cd to your mounted root file system's /lib  (copy -P /lib/ld-linux.so.2 /mnt/fubarroot/lib ) - reboot and all is well until ldconfig gets run again.  The best workarount I have seen is to shut down nails and cma, remove the links, run updates, re-create the McAfee Links, restart cma and nails.

Scripts I use:

mcoff
#!/bin/sh
# keep McAfee from stepping on /lib/ld-linux.so.2
# turn off McAfee and unlink libs in /lib
/etc/init.d/nails stop
/etc/init.d/cma stop
rm /lib/ld-mfert.so.2
rm /lib/ld-nails.so.2
echo McAfee Agent and VSE Disabled


mcon
#!/bin/sh
# keep McAfee from stepping on /lib/ld-linux.so.2
# re-enable links and restart McAfee

ln -s /opt/McAfee/runtime/2.0/lib/ld-linux.so.2 /lib/ld-mfert.so.2
ln -s /opt/NAI/LinuxShield/lib/ld-linux.so.2 /lib/ld-nails.so.2
/etc/init.d/cma start
/etc/init.d/nails start
echo McAfee Agent and VSE enabled

-- 
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to eglibc in Ubuntu.
https://bugs.launchpad.net/bugs/915995

Title:
  ldconfig makes system loader /lib/ld-linux.so.2 to be linked to 3rd
  party loaders in /lib directory

Status in “eglibc” package in Ubuntu:
  Invalid
Status in “eglibc” package in Debian:
  Fix Released

Bug description:
  Package: libc-bin
  Version: 2.13-0ubuntu13
  Severity: Critical
  Source: eglibc
  Architecture: i386
  System having installed with some 3rd party loaders (ld-<name>.so.x) in /lib directory. With these loaders present if we run ldconfig, its removing the system loader symbolic link ld-linux.so.2 in /lib directory from /lib/i286-linux-gnu/ld-2.13.so and creating the symbolic link to one of the 3rd party loaders(in my case link to ld-nails.so.2) present in /lib directory. As ldconfig not link to proper system loader, system gets unusable and system crashes if we reboot.
  Captured the strace logs for "ldconfig".
  4470  15:25:20 close(4)                 = 0
  4470  15:25:20 stat64("/lib/libhistory.so.6", {st_mode=S_IFREG|0644, st_size=30060, ...}) = 0
  4470  15:25:20 stat64("/lib/libatm.so.1", {st_mode=S_IFREG|0644, st_size=34452, ...}) = 0
  4470  15:25:20 getdents64(3, /* 0 entries */, 32768) = 0
  4470  15:25:20 close(3)                 = 0
  4470  15:25:20 stat64("/lib/libcrypto.so.0.9.8", {st_mode=S_IFREG|0644, st_size=1341364, ...}) = 0
  4470  15:25:20 stat64("/lib/libcrypto.so.0.9.8", {st_mode=S_IFREG|0644, st_size=1341364, ...}) = 0
  4470  15:25:20 stat64("/lib/libatm.so.1", {st_mode=S_IFREG|0644, st_size=34452, ...}) = 0
  4470  15:25:20 stat64("/lib/libatm.so.1.0.0", {st_mode=S_IFREG|0644, st_size=34452, ...}) = 0
  4470  15:25:20 stat64("/lib/libnih-dbus.so.1", {st_mode=S_IFREG|0644, st_size=29984, ...}) = 0
  4470  15:25:20 stat64("/lib/libnih-dbus.so.1.0.0", {st_mode=S_IFREG|0644, st_size=29984, ...}) = 0
  4470  15:25:20 stat64("/lib/libhistory.so.6", {st_mode=S_IFREG|0644, st_size=30060, ...}) = 0
  4470  15:25:20 stat64("/lib/libhistory.so.6.2", {st_mode=S_IFREG|0644, st_size=30060, ...}) = 0
  4470  15:25:20 stat64("/lib/libdevmapper.so.1.02.1", {st_mode=S_IFREG|0644, st_size=137308, ...}) = 0
  4470  15:25:20 stat64("/lib/libdevmapper.so.1.02.1", {st_mode=S_IFREG|0644, st_size=137308, ...}) = 0
  4470  15:25:20 stat64("/lib/libproc-3.2.8.so", {st_mode=S_IFREG|0644, st_size=59108, ...}) = 0
  4470  15:25:20 stat64("/lib/libproc-3.2.8.so", {st_mode=S_IFREG|0644, st_size=59108, ...}) = 0
  4470  15:25:20 stat64("/lib/libfuse.so.2", {st_mode=S_IFREG|0644, st_size=158272, ...}) = 0
  4470  15:25:20 stat64("/lib/libfuse.so.2.8.4", {st_mode=S_IFREG|0644, st_size=158272, ...}) = 0
  4470  15:25:20 stat64("/lib/libxtables.so.5", {st_mode=S_IFREG|0644, st_size=26104, ...}) = 0
  4470  15:25:20 stat64("/lib/libxtables.so.5.0.0", {st_mode=S_IFREG|0644, st_size=26104, ...}) = 0
  4470  15:25:20 stat64("/lib/libssl.so.0.9.8", {st_mode=S_IFREG|0644, st_size=294696, ...}) = 0
  4470  15:25:20 stat64("/lib/libssl.so.0.9.8", {st_mode=S_IFREG|0644, st_size=294696, ...}) = 0
  4470  15:25:20 stat64("/lib/libipq_pic.so.0", {st_mode=S_IFREG|0644, st_size=9688, ...}) = 0
  4470  15:25:20 stat64("/lib/libipq_pic.so.0.0.0", {st_mode=S_IFREG|0644, st_size=9688, ...}) = 0
  4470  15:25:20 stat64("/lib/libparted.so.0", {st_mode=S_IFREG|0644, st_size=425316, ...}) = 0
  4470  15:25:20 stat64("/lib/libparted.so.0.0.1", {st_mode=S_IFREG|0644, st_size=425316, ...}) = 0
  4470  15:25:20 stat64("/lib/libiptc.so.0", {st_mode=S_IFREG|0644, st_size=5212, ...}) = 0
  4470  15:25:20 stat64("/lib/libiptc.so.0.0.0", {st_mode=S_IFREG|0644, st_size=5212, ...}) = 0
  4470  15:25:20 stat64("/lib/libiw.so.30", {st_mode=S_IFREG|0644, st_size=30120, ...}) = 0
  4470  15:25:20 stat64("/lib/libiw.so.30", {st_mode=S_IFREG|0644, st_size=30120, ...}) = 0
  4470  15:25:20 stat64("/lib/ld-linux.so.2", {st_mode=S_IFREG|0755, st_size=117960, ...}) = 0
  4470  15:25:20 stat64("/lib/ld-nails.so.2", {st_mode=S_IFREG|0750, st_size=124720, ...}) = 0
  4470  15:25:20 lstat64("/lib/ld-linux.so.2", {st_mode=S_IFLNK|0777, st_size=25, ...}) = 0
  4470  15:25:20 unlink("/lib/ld-linux.so.2") = 0
  4470  15:25:20 symlink("ld-nails.so.2", "/lib/ld-linux.so.2") = 0
  This issue reproduce only on Ubuntu 11.04. As ldconfig is creating symbolic link causing the system unusable. Want to know why ldconfig is linking to 3rd party loaders instead of system loader ld-2.13.so and appreciate if you could provide the workaround for this issue.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/eglibc/+bug/915995/+subscriptions

More information about the foundations-bugs mailing list