[Bug 1700272] Re: ldd secure execution mode

Launchpad Bug Tracker 1700272 at bugs.launchpad.net
Sun Jun 25 14:10:06 UTC 2017


Status changed to 'Confirmed' because the bug affects multiple users.

** Changed in: glibc (Ubuntu)
       Status: New => Confirmed

-- 
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to glibc in Ubuntu.
https://bugs.launchpad.net/bugs/1700272

Title:
  ldd secure execution mode

Status in glibc package in Ubuntu:
  Confirmed

Bug description:
  Hello,

  I noticed that ldd gives wrong results when run
  a) with the LD_LIBRARY_PATH environment variable set to some folder and
  b) on a binary that will be launched in "secure execution mode" by ld.so (see "man ld.so").

  Steps to reproduce:
  1. Create a file hello_world.c:
  #include <stdio.h>
  int main() {
  	puts("Hello, World!");
  	puts("Press enter to quit");
  	scanf("%*c");
  }
  2. Compile:
  $ gcc -o hello_world hello_world.c
  3. Attach a capability to the compiled binary, in order to trigger secure execution mode:
  $ sudo setcap CAP_NET_BIND_SERVICE=ep hello_world
  4. Make the system's libc available somewhere else:
  $ cp /lib/x86_64-linux-gnu/libc.so.6 .

  In this setup, when you run LD_LIBRARY_PATH=. ldd hello_world, then ldd will report that the binary will use the libc in the local folder.
  Actual output:
  $ LD_LIBRARY_PATH=. ldd hello_world
  	linux-vdso.so.1 =>  (0x00007ffdbb76a000)
  	libc.so.6 => ./libc.so.6 (0x00007f68a182a000)
  	/lib64/ld-linux-x86-64.so.2 (0x00005651d2ef7000)

  However, when you actually run the binary with
  $ LD_LIBRARY_PATH=. ./hello_world
  then the binary will use the standard library search path and _not_ use ./libc.so.6 .
  You can see this by starting the binary in one terminal, and running the following command in another terminal while the binary is still running:
  $ sudo cat /proc/$(pidof hello_world)/maps

  This gives me an output like:
  [...]
  7f76193d5000-7f7619595000 r-xp 00000000 fc:00 2494866                    /lib/x86_64-linux-gnu/libc-2.23.so
  7f7619595000-7f7619795000 ---p 001c0000 fc:00 2494866                    /lib/x86_64-linux-gnu/libc-2.23.so
  7f7619795000-7f7619799000 r--p 001c0000 fc:00 2494866                    /lib/x86_64-linux-gnu/libc-2.23.so
  7f7619799000-7f761979b000 rw-p 001c4000 fc:00 2494866                    /lib/x86_64-linux-gnu/libc-2.23.so
  [...]

  I believe that this is due to the secure execution mode mentioned in
  the ld.so man page, so this probably also affects set-uid binaries and
  possibly some other environment variables that control the linker
  behaviour.

  I'm using Ubuntu 16.04.2 (LTS). ldd is on version "ldd (Ubuntu GLIBC
  2.23-0ubuntu9) 2.23". The libc-bin package (containing ldd) has
  version "2.23-0ubuntu9".

  Best regards!

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/glibc/+bug/1700272/+subscriptions
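
An added example, not part of the original bug report or of glibc: a C check for the file-side triggers of secure-execution mode that the report discusses (file capabilities, set-uid) plus set-gid, so that ldd output obtained with LD_LIBRARY_PATH set can be flagged as unreliable for that binary. The function and enum names are hypothetical, and the result is a heuristic from file metadata only (nosuid mounts and LSM decisions are not considered).

```c
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <sys/xattr.h>
#include <unistd.h>

/* Hypothetical names; reasons are OR-ed together. */
enum { SEC_NONE = 0, SEC_SETUID = 1, SEC_SETGID = 2, SEC_FILECAPS = 4 };

/*
 * Predict from file metadata whether executing `path` as (uid, gid) would
 * make ld.so use secure-execution mode and ignore LD_LIBRARY_PATH.
 * Returns OR-ed SEC_* flags, or -1 if the file cannot be examined.
 * Heuristic: nosuid mounts and LSM decisions are not considered.
 */
int secure_exec_reasons(const char *path, uid_t uid, gid_t gid)
{
    struct stat st;
    int reasons = SEC_NONE;

    if (stat(path, &st) != 0)
        return -1;
    /* set-uid only changes the effective UID if the owner differs */
    if ((st.st_mode & S_ISUID) && st.st_uid != uid)
        reasons |= SEC_SETUID;
    /* set-gid needs group-execute; without it the bit has another meaning */
    if ((st.st_mode & S_ISGID) && (st.st_mode & S_IXGRP) && st.st_gid != gid)
        reasons |= SEC_SETGID;
    /* file capabilities (as set with setcap) live in this xattr */
    if (uid != 0 && getxattr(path, "security.capability", NULL, 0) > 0)
        reasons |= SEC_FILECAPS;
    return reasons;
}

int main(int argc, char **argv)
{
    int i, status = EXIT_SUCCESS;
    for (i = 1; i < argc; i++) {
        int r = secure_exec_reasons(argv[i], getuid(), getgid());
        if (r < 0) { perror(argv[i]); status = EXIT_FAILURE; continue; }
        printf("%s: %s%s%s%s\n", argv[i],
               r & SEC_SETUID ? "set-uid " : "",
               r & SEC_SETGID ? "set-gid " : "",
               r & SEC_FILECAPS ? "file-capabilities " : "",
               r ? "=> LD_LIBRARY_PATH is ignored at run time; do not trust ldd here"
                 : "no secure-execution trigger found");
    }
    return status;
}
```

Run it on the binary before interpreting `LD_LIBRARY_PATH=. ldd ...` output; for a running process, /proc/PID/maps as shown in the report remains the authoritative view.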


