
setuid SHLIB_PATH issue

 
Vineesh U S
Occasional Advisor

Hi All,
We are facing a problem while executing our binaries. It says:
# /usr/lib/dld.sl: Can't find path for shared library: libregexpu.sl
/usr/lib/dld.sl: No such file or directory

*************************************************************************************
Background:
-----------

I am creating executables with shared library (runtime linking).
For this, I have not set the linker options to +s, to prevent it from taking anything from SHLIB_PATH, since I have all my libraries in $serverroot/lib. Please see the options specified by me:

DYNAMIC_LINK_OPT = -AA -Wl,-a,shared_archive -Wl,+b,$(DYNAMIC_LIB_RUNTIME):$(PLATFORM_LIB_RUNTIME)

where,
DYNAMIC_LIB_RUNTIME = .:../lib
PLATFORM_LIB_RUNTIME=/usr/lib

Now when I run the binaries created with above options, I get the error
# /usr/lib/dld.sl: Can't find path for shared library: libregexpu.sl
/usr/lib/dld.sl: No such file or directory
*************************************************************************************

Though all the required libraries are in ../lib, it is not taken. But when I change the attribute using chatr command,
chatr +s enable binaryname it takes and the error does not come.

Has anyone faced this issue?

I am using aCC: HP ANSI C++ B3910B A.03.55

My doubts:
1. Why does it work when I run chatr on binary?
2. Which library does it take? The one in SHLIB_PATH or the one in $serverroot/lib?
3. Why does it not take from $serverroot/lib?



Though the chatr command provides a workaround, we are not interested in using this option as it may open up possibilities for security issues.

When I looked into code I could see that before calling 'execv' the code sets uid and gid using functions setuid and setgid. Does this cause any problem, coz I remember setuid can cause some permission issues. Is there any solution for the problem?

Your comments on this issue will be greatly appreciated.

Thanks and regards
vineesh
ranganath ramachandra
Esteemed Contributor

Re: setuid SHLIB_PATH issue

please go through the man pages for ld, dld.sl, chatr and ldd. you could also get more information from the linker online guide ("ld +help"):
http://docs.hp.com/hpux/onlinedocs/B2355-90655/B2355-90655.html

the "+s" option of ld will let you enable SHLIB_PATH lookup in the binary which you are linking. this is same as running 'chatr +s enable' after linking.

it is not clear where you are specifying "$serverroot". i guess what you need is "$ORIGIN" in your embedded path, you can set
DYNAMIC_LIB_RUNTIME=\$ORIGIN/../lib . at load time the loader will replace $ORIGIN by the name of the directory where the executable was loaded from.

instead, if you know where your libraries will be installed on the system, you can also use a better (absolute) embedded path or ld's "+cdp" option.

SHLIB_PATH is not considered for setuid executables.

you can use ldd to find out which libraries are being used.

having "/usr/lib" in the library lookup path is not good for portability.
 
--
ranga
hp-ux 11i v3[i work for hpe]

Vineesh U S
Occasional Advisor

Re: setuid SHLIB_PATH issue

Hi Ranganath,
Thank you for the prompt response.

As far as $serverroot is concerned, I had used it to designate my install directory for my application, which happens to be a server :)

Earlier I was using $$ORIGIN, but it seemed not to be working. Need a clarification, is it $ORIGIN or $$ORIGIN? From your reply I am getting a bit confused, coz I had used $$ORIGIN.

Can I use +cdp option with setuid options ?

thanks and regards
vineesh
ranganath ramachandra
Esteemed Contributor

Re: setuid SHLIB_PATH issue

here is an example of using $ORIGIN:
---
bash-2.01$ cc -Wl,+b,\$ORIGIN/../lib 1.c -o 1
bash-2.01$ chatr 1
:
embedded path enabled first $ORIGIN/../lib
:
---
when you run chatr on the executable, it should show you something like the above. i don't know for sure how to do that through a makefile, you'll have to figure it out.

you can use '+cdp' at link time. the loader will look up that path regardless of whether the application is setuid.

----
bash-2.01$ cc 1.c -o 1 -L. -le -Wl,+cdp,./libe.sl:/opt/emacs/lib/libe.sl
bash-2.01$ chatr 0
:
dynamic /opt/emacs/lib/libe.sl
dynamic /usr/lib/libc.2
:
----

you can also use $ORIGIN in the path you specify with '+cdp':

----
bash-2.01$ cc 1.c -o 1 -L. -le -Wl,+cdp,./libe.sl:\$ORIGIN/../tmp/libe.sl
bash-2.01$ chatr 0
0:
:
shared library list:
dynamic $ORIGIN/../tmp/libe.sl
:
----
 
--
ranga
hp-ux 11i v3[i work for hpe]

ranganath ramachandra
Esteemed Contributor

Re: setuid SHLIB_PATH issue

don't get confused by the filenames '1' and '0', i really did run 'chatr' on the executable i built!
 
--
ranga
hp-ux 11i v3[i work for hpe]
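
An added example, not part of the thread and not the posters' code: a POSIX shell check for the colon-separated embedded path handed to the linker's +b option, run on the `.:../lib:/usr/lib` value from the first post and on the `$ORIGIN` form suggested in the replies. It assumes relative entries are resolved against the process's current directory rather than the executable's location; the function names and class labels are made up for this sketch.

```shell
#!/bin/sh
# Added example (not from the thread): vet an embedded library path before
# passing it to the linker with -Wl,+b,<path>.

# classify_entry ENTRY -> prints origin | lost-origin | absolute | cwd-relative | empty
classify_entry() {
    case "$1" in
        '')                     echo empty ;;
        '$ORIGIN'|'$ORIGIN'/*)  echo origin ;;
        # What an unquoted $ORIGIN/../lib becomes once the shell has expanded
        # the (unset) variable ORIGIN, before the linker ever sees it.
        /..|/../*)              echo lost-origin ;;
        /*)                     echo absolute ;;
        # Assumption: resolved against the caller's current directory.
        *)                      echo cwd-relative ;;
    esac
}

# audit_path PATH -> prints "entry<TAB>class" per entry; returns 1 if any
# entry is not absolute or $ORIGIN-based.
audit_path() {
    rc=0
    rest=$1
    while :; do
        case "$rest" in
            *:*) entry=${rest%%:*}; rest=${rest#*:}; more=1 ;;
            *)   entry=$rest; more=0 ;;
        esac
        class=$(classify_entry "$entry")
        printf '%s\t%s\n' "${entry:-<empty>}" "$class"
        case "$class" in
            origin|absolute) ;;
            *) rc=1 ;;
        esac
        [ "$more" -eq 1 ] || break
    done
    return "$rc"
}

# Constructed inputs: the first is the +b value from the first post.
audit_path '.:../lib:/usr/lib' || echo "=> fix the flagged entries"
audit_path '$ORIGIN/../lib:/usr/lib' && echo "=> ok"
```

Running the same check on the string a makefile recipe actually passes to the compiler shows whether `$ORIGIN` survived make and shell expansion, which `chatr` on the finished binary then confirms.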