List: oss-security
Subject: Re: [oss-security] Perl 5.32.0 mishandling of rpath and runpath tokens
From: Casper.Dik () Oracle ! COM
Date: 2020-07-21 8:12:44
Message-ID: 202007210812.06L8Ci5i010126 () room101 ! nl ! oracle ! com
> Hi Everyone,
>
> Perl mishandles rpath tokens $ORIGIN, $LIB and $PLATFORM. Also see
> https://man7.org/linux/man-pages/man8/ld.so.8.html.
>
> Building on Linux or Solaris with LDFLAGS that includes a rpath or runpath:
>
> -Wl,-R,$ORIGIN/../lib -Wl,-R,$HOME/tmp/ok2delete/lib
>
> results in a rpath or runpath similar to below (Solaris is shown):
>
> # From $HOME/perl-5.32.0 directory
> $ elfdump libperl.so | grep PATH
> [10] RUNPATH 0xaf4d /../lib:/export/home/jwalton/tmp/ok2delete/lib
> [11] RPATH 0xaf4d /../lib:/export/home/jwalton/tmp/ok2delete/lib
>
> Now the interesting thing here is, $ORIGIN was expanded to nothing and
> /../lib is just /lib. And Solaris /lib directory contains old
> libraries, like zLib 1.2.8 and Bzip 1.0.6. zLib 1.2.8 and Bzip 1.0.6
> have CVEs against them. So rather than use the new zLib and Bzip in
> $HOME/tmp/ok2delete/lib, Perl uses the old ones with CVEs in /lib.

The current versions shipped with Solaris are zlib 1.2.11 and bzip2 1.0.8.

> Perl stated they won't fix the problem. Also see
> https://github.com/Perl/perl5/issues/17534.
>
> The best workaround I have found is to run patchelf (Linux) or
> editelf (Solaris) on all programs and libraries after 'make' and
> before 'make check', and after 'make check' and before 'make install'.
> The procedure has to happen twice because Perl rebuilds some things
> after 'make', including some shared objects built during 'make check'.

There is another possible solution on Solaris by setting the following
variables in the environment:

    LD_UNSET="-R/../lib"          (drops -R/../lib; multiple options can be given)
    LD_OPTIONS='-R$ORIGIN/../lib' (multiple options possible here too)

    /tmp$ cc foo.c -o foo -R/fuz -R/bar -R/blah
    /tmp$ dump -Lv foo | grep RPATH
    [5] RPATH /fuz:/bar:/blah
    /tmp$ LD_OPTIONS=-R/foo/bar LD_UNSET="-R/fuz -R/bar" cc foo.c -o foo -R/fuz -R/bar -R/blah
    ld: warning: unsetting option '-R/fuz': LD_UNSET directed
    ld: warning: unsetting option '-R/bar': LD_UNSET directed
    /tmp$ dump -Lv foo | grep RPATH
    [5] RPATH /foo/bar:/blah

Casper
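
A post-build check for the symptom reported in this thread, as an added example that is not part of either message: it reads elfdump, dump -Lv or readelf -d text and flags RPATH/RUNPATH entries whose $ORIGIN-style prefix was lost. The names audit and check_entry are hypothetical; it assumes the path list sits on the same line as the tag and contains no whitespace.

```python
import posixpath
import re

# Dynamic string tokens named in the report; the runtime linker expands these.
TOKEN = re.compile(r"^\$(?:\{)?(ORIGIN|LIB|PLATFORM)\b")

def check_entry(entry):
    """Return a reason string if one search-path entry looks wrong, else None."""
    if entry == "":
        return "empty entry"
    if TOKEN.match(entry):
        return None  # token survived the build intact
    if not entry.startswith("/"):
        return "relative entry, resolved against the working directory"
    if entry.startswith("/../"):
        # What '$ORIGIN/../lib' becomes when $ORIGIN is expanded to nothing.
        return "token prefix lost, resolves to " + posixpath.normpath(entry)
    return None

def audit(tool_output):
    """Scan elfdump / dump -Lv / readelf -d text; return (tag, entry, reason)."""
    findings = []
    for line in tool_output.splitlines():
        m = re.search(r"\b(RPATH|RUNPATH)\b", line)
        fields = line.split()
        if not m or len(fields) < 2:
            continue
        # The path list is the last field; readelf wraps it in [ ].
        path_list = fields[-1].strip("[]")
        for entry in path_list.split(":"):
            reason = check_entry(entry)
            if reason:
                findings.append((m.group(1), entry, reason))
    return findings

# Constructed samples: the report's elfdump lines, and the intended result.
BROKEN = """[10] RUNPATH 0xaf4d /../lib:/export/home/jwalton/tmp/ok2delete/lib
[11] RPATH 0xaf4d /../lib:/export/home/jwalton/tmp/ok2delete/lib"""
INTENDED = "[10] RUNPATH 0xaf4d $ORIGIN/../lib:/export/home/jwalton/tmp/ok2delete/lib"

if __name__ == "__main__":
    for tag, entry, reason in audit(BROKEN):
        print(f"{tag}: {entry!r}: {reason}")
```

Run over every program and shared object after each build stage, a non-empty result marks the files that still need patchelf or editelf, or a rebuild with LD_UNSET/LD_OPTIONS.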