From mboxrd@z Thu Jan 1 00:00:00 1970 X-Msuck: nntp://news.gmane.org/gmane.linux.lib.musl.general/4486 Path: news.gmane.org!not-for-mail From: orc Newsgroups: gmane.linux.lib.musl.general Subject: Re: install.sh is wrong with libc.so Date: Wed, 15 Jan 2014 19:52:19 +0800 Message-ID: References: <5905c9fb-9fc8-4cf1-ac29-ed830c8ae5a1@email.android.com> <20140115123552.39250038@mopad> Reply-To: musl@lists.openwall.com NNTP-Posting-Host: plane.gmane.org Mime-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-Trace: ger.gmane.org 1389786749 27509 80.91.229.3 (15 Jan 2014 11:52:29 GMT) X-Complaints-To: usenet@ger.gmane.org NNTP-Posting-Date: Wed, 15 Jan 2014 11:52:29 +0000 (UTC) To: musl@lists.openwall.com Original-X-From: musl-return-4490-gllmg-musl=m.gmane.org@lists.openwall.com Wed Jan 15 12:52:35 2014 Return-path: Envelope-to: gllmg-musl@plane.gmane.org Original-Received: from mother.openwall.net ([195.42.179.200]) by plane.gmane.org with smtp (Exim 4.69) (envelope-from ) id 1W3P1P-0008IJ-DM for gllmg-musl@plane.gmane.org; Wed, 15 Jan 2014 12:52:35 +0100 Original-Received: (qmail 26296 invoked by uid 550); 15 Jan 2014 11:52:34 -0000 Mailing-List: contact musl-help@lists.openwall.com; run by ezmlm Precedence: bulk List-Post: List-Help: List-Unsubscribe: List-Subscribe: Original-Received: (qmail 26288 invoked from network); 15 Jan 2014 11:52:34 -0000 User-Agent: K-9 Mail for Android In-Reply-To: <20140115123552.39250038@mopad> Xref: news.gmane.org gmane.linux.lib.musl.general:4486 Archived-At: Christian Wiese пишет: >Hi, > >On Wed, 15 Jan 2014 16:42:08 +0800 >orc wrote: > >> In case of executable files (which libc.so is), install.sh is wrong >> and dangerous. >Just for curiosity, what do you mean in particular to be "dangerous"? Dangerous in case after performing installation, dynamic linked system becomes unusable: no logins are accepted, no shell can be spawned, even self-boot with init= kernel command line will give you nothing but a kernel panic. (Of course I should have a static linked busybox, but I even did not expected such a change will occur since 0.9.12) >> >> The sequence of commands of install.sh from 0.9.15: >> >> umask 077 >> cat < lib/libc.so > /lib/libc.so.tmp.pid # /lib/libc.so.tmp.pid is >> created with mode 600 >> mv -f /lib/libc.so.tmp.pid /lib/libc.so >> chmod 755 /lib/libc.so # failed with "Permission denied" > >I just checked the build logs on my own musl based builds that are >installing things into a dedicated "sysroot directory" for that build, >and the install just works fine. >I think what you are doing is calling 'make install' as a non-root >user which will obviously fail. >What I do not really get is why a normal user should be able to install >a '/lib/lbc.so' anyway. That somehow feels more dangerous to me, but >maybe I do not get the whole picture here, as you just provided some >snippets and you are not telling us how your build process actually >looks like. > >I think the info about how you are building would be quite helpful. I did installation as root user. I also do not run restrictive/hardened kernels. Sorry I lost log of installation, but after installing 0.9.15' libc.so "make install" refused to run with "Permission denied" error. Rest is simple: no command can be executed, login attempts refused, symptoms like "rm -fr /" was executed, only with "Permission denied". Only boot from rescue flash drive with prepared initrd showed that /lib/libc.so was half-installed with mode 600. > >Cheers, >Chris