Products Openwall GNU/*/Linux   server OS Linux Kernel Runtime Guard John the Ripper   password cracker Free & Open Source for any platform in the cloud Pro for Linux Pro for macOS Wordlists   for password cracking passwdqc   policy enforcement Free & Open Source for Unix Pro for Windows (Active Directory) yescrypt   KDF & password hashing yespower   Proof-of-Work (PoW) crypt_blowfish   password hashing phpass   ditto in PHP tcb   better password shadowing Pluggable Authentication Modules scanlogd   port scan detector popa3d   tiny POP3 daemon blists   web interface to mailing lists msulogin   single user mode login php_mt_seed   mt_rand() cracker Services Publications Articles Presentations Resources Mailing lists Community wiki Source code repositories (GitHub) Source code repositories (CVSweb) File archive & mirrors How to verify digital signatures OVE IDs What's new

Message-ID: <df7394c5-217b-809b-f51b-918093cc037e@petroprogram.com>
Date: Sat, 27 Jan 2018 18:20:27 +0200
From: Stefan Fröberg <stefan.froberg@...roprogram.com>
To: Szabolcs Nagy <nsz@...t70.net>
Cc: musl@...ts.openwall.com
Subject: Re: BUG: $ORIGIN does not seem to work

Hi


Szabolcs Nagy kirjoitti 27.01.2018 klo 13:07:
> * Stefan Fröberg <stefan.froberg@...roprogram.com> [2018-01-27 01:50:21 +0200]:
>> My ldd is just symbolic link inside musl chroot environment, to
>> /lib/ld-musl-x86_64.so.1
>> and it's symbolic link to /lib/libc.so
>>
>> Here is readelf output of that test program
>> readelf -d x
>>
>> Dynamic section at offset 0xe10 contains 24 entries:
>>   Tag        Type                         Name/Value
>>  0x0000000000000001 (NEEDED)             Shared library: [libcrypto.so.1.1]
>                                                             ^^^^^^^^^^^^^^^^
> this looks like the wrong library version
>
> if you had straced the ldd output you would have seen
> that musl tries to open lib/libcrypto.so.1.1, but you
> probably only have lib/libcrypto.so.1.0.0 based on the
> glibc ldd output below.
No, that ldd was run inside, pure, chrooted musl environment. No glibc
inside.
These are the only libcrypto* files inside that chroot environment:

 ls -lah /usr/lib/libcrypto.*
-rw-r--r--    1 0        0           5.0M Dec 17 00:24 /usr/lib/libcrypto.a
lrwxrwxrwx    1 0        0             16 Dec 17 00:24
/usr/lib/libcrypto.so -> libcrypto.so.1.1
-rwxr-xr-x    1 0        0           3.0M Jan 26 12:58
/usr/lib/libcrypto.so.1.1

Best Regards
Stefan

> at link time you need to make sure ld picks up the
> right libcrypto.
>
>>  0x0000000000000001 (NEEDED)             Shared library: [libc.so]
>>  0x000000000000000f (RPATH)              Library rpath: [$ORIGIN/lib]
>>  0x000000000000000c (INIT)               0x598
>>  0x000000000000000d (FINI)               0x812
>>  0x000000006ffffef5 (GNU_HASH)           0x220
>>  0x0000000000000005 (STRTAB)             0x390
>>  0x0000000000000006 (SYMTAB)             0x258
>>  0x000000000000000a (STRSZ)              241 (bytes)
>>  0x000000000000000b (SYMENT)             24 (bytes)
>>  0x0000000000000015 (DEBUG)              0x0
>>  0x0000000000000003 (PLTGOT)             0x201000
>>  0x0000000000000002 (PLTRELSZ)           48 (bytes)
>>  0x0000000000000014 (PLTREL)             RELA
>>  0x0000000000000017 (JMPREL)             0x568
>>  0x0000000000000007 (RELA)               0x4c0
>>  0x0000000000000008 (RELASZ)             168 (bytes)
>>  0x0000000000000009 (RELAENT)            24 (bytes)
>>  0x000000006ffffffb (FLAGS_1)            Flags: PIE
>>  0x000000006ffffffe (VERNEED)            0x4a0
>>  0x000000006fffffff (VERNEEDNUM)         1
>>  0x000000006ffffff0 (VERSYM)             0x482
>>  0x000000006ffffff9 (RELACOUNT)          2
>>  0x0000000000000000 (NULL)               0x0
>>
>> So the $ORIGIN/lib is there but for some reason ldd won't show it???
>>
>> Best Regards
>> Stefan Fröberg
>>
>> Szabolcs Nagy kirjoitti 26.01.2018 klo 16:21:
>>> * Stefan Fröberg <stefan.froberg@...roprogram.com> [2018-01-26 15:39:23 +0200]:
>>>> On glibc the following:
>>>>
>>>> gcc  -o x -Wl,-rpath='$ORIGIN/lib' x.c -L ./lib -lcrypto
>>>>
>>>> or
>>>>
>>>> gcc  -o x -Wl,-rpath,'$ORIGIN/lib' x.c -L ./lib -lcrypto
>>>>
>>>> Gives me binary with relative library path
>>>>
>>>> ldd x
>>>>     linux-vdso.so.1 (0x00007ffcb6bee000)
>>>> *    libcrypto.so.1.0.0 => /home/wizard/kal-el/lib/libcrypto.so.1.0.0
>>>> (0x00007f0bc3593000)**
>>>> *    libc.so.6 => /lib64/libc.so.6 (0x00007f0bc31e2000)
>>>>     libdl.so.2 => /lib64/libdl.so.2 (0x00007f0bc2fde000)
>>>>     libz.so.1 => /lib64/libz.so.1 (0x00007f0bc2dc7000)
>>>>     /lib64/ld-linux-x86-64.so.2 (0x00007f0bc39d2000)
>>>>
>>>> cp -rap kal-el/* batman/
>>>> ldd x
>>>>     linux-vdso.so.1 (0x00007ffdbf0b6000)
>>>> *    libcrypto.so.1.0.0 => /home/wizard/batman/lib/libcrypto.so.1.0.0
>>>> (0x00007fb682149000)**
>>>> *    libc.so.6 => /lib64/libc.so.6 (0x00007fb681d98000)
>>>>     libdl.so.2 => /lib64/libdl.so.2 (0x00007fb681b94000)
>>>>     libz.so.1 => /lib64/libz.so.1 (0x00007fb68197d000)
>>>>     /lib64/ld-linux-x86-64.so.2 (0x00007fb682588000)
>>>>
>>>>
>>>> But trying the same with musl does not seem to work?
>>>> ldd x
>>>> /lib/ld-musl-x86_64.so.1 (0x7f07372e2000)
>>>>     libc.so => /lib/ld-musl-x86_64.so.1 (0x7f07372e2000)
>>>>
>>>> and if i remove the -L ./lib from the command it uses system library
>>>> gcc  -o x -Wl,-rpath,'$ORIGIN/lib'  x.c   -lcrypto
>>>> ldd xx
>>>>     /lib/ld-musl-x86_64.so.1 (0x7fdd8618d000)
>>>>     libcrypto.so.1.1 => /usr/lib/libcrypto.so.1.1 (0x7fdd85ed7000)
>>>>     libc.so => /lib/ld-musl-x86_64.so.1 (0x7fdd8618d000)
>>>>
>>>>
>>> $ORIGIN in rpath works fine in musl
>>>
>>> you are doing something wrong
>>>
>>> but it's hard to tell what: your ldd command is looking at
>>> the wrong binary, we don't know what ldd you are using (e.g.
>>> use ld-*-musl.so.1 --list foo to make this explicit), it's
>>> not clear if the binary has $ORIGIN set up correctly since
>>> you showed a gcc command line instead of readelf -d of the
>>> generated executable, we don't know what paths have the
>>> library and what paths the ldso tried (you can check this
>>> by strace).
>>>
>>> (there are some differences between musl and glibc:
>>> e.g. glibc expands $ORIGIN in dlopen too while musl does
>>> not, however in your case musl should work)

Powered by blists - more mailing lists

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.