Can these deps be legitimate?

Michael Shigorin mike at osdn.org.ua
Tue Aug 7 17:06:56 CEST 2012


On Tue, Aug 07, 2012 at 10:25:17AM -0400, Jeffrey Johnson wrote:
> It's rather astonishing that years and years later missing
> package dependencies due to non-executable bits on ELF
> libraries need to be discussed.

Like this? (taken from rpm-4.0.4-alt100.52)

-- 
 ---- WBR, Michael Shigorin <mike at altlinux.ru>
  ------ Linux.Kiev http://www.linux.kiev.ua/
-------------- next part --------------
#!/bin/sh -e
#
# brp-fix-perms - try to fix filesystem permissions.
#
# Copyright (C) 2001-2003  Dmitry V. Levin <ldv at altlinux.org>
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation; either version 2 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
#

. /usr/lib/rpm/functions
ValidateBuildRoot

cd "$RPM_BUILD_ROOT"

# Following objects should be world readable.
for d in usr/{share,include} usr/X11R6/{share,include,man}; do
	[ ! -d "$d" ] || chmod -c -R a+rX "$d"
done

# Following objects should not be group/world writable.
for d in usr/*; do
	[ "$d" = "usr/src" -o -L "$d" -o ! -d "$d" ] ||
		chmod -c -R u+w,go-w "$d"
done

# Following files should not be group/world readable.
find -type f \( -perm -4100 -o -perm -2100 \) -print0 |
	xargs -r0 chmod -c -R go-rw --

find -type f -perm +0111 -print0 |
	xargs -r0 /usr/lib/rpm/fixup-libraries
-------------- next part --------------
#!/bin/sh -e
#
# fixup-shared - fix permissions of libraries.
#
# Copyright (C) 2003-2005,2008  Dmitry V. Levin <ldv at altlinux.org>
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation; either version 2 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
#

for file in "$@"; do
	type=`file -b "$file"` || continue
	case "$type" in
		current\ ar\ archive|*\ current\ ar\ archive)
			chmod -v u+w,a-x,ug-s "$file"
			;;
		ELF\ *\ shared\ object,\ *|*\ ELF\ *\ shared\ object,\ *)
			file_header="$(readelf -h "$file")" || continue
			entry=`printf %s "$file_header" |sed -ne 's/^ \+Entry point address: \+0x0*\([0-9a-f]\+\)$/\1/p'`
			[ -n "$entry" ] || continue

			section_header="$(readelf -S "$file")" || continue

			# See: comm -12 <(fgrep -l .interp /usr/lib/ldscripts/*) <(fgrep -le --shared /usr/lib/ldscripts/*)
			if printf %s "$section_header" |fgrep -qs ' .interp '; then
				continue
			fi

			text=`printf %s "$section_header" |sed -ne 's/^ *\[ *[0-9]\+\] \.text \+PROGBITS \+0*\([0-9a-f]\+\) \+.*/\1/p'`
			[ -n "$text" ] || continue
			[ "$entry" = "$text" ] || continue

			[ -n "${file##*/lib64/ld-*.so}" ] || continue

			chmod -c u+w,a-x,ug-s "$file"
			;;
	esac
done
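
An added example, not part of the original post or of the rpm package it quotes: a POSIX sh check that lists ELF shared objects carrying no execute bit, the condition the quoted remark refers to. The function names and the constructed stub files are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from rpm-4.0.4-alt100.52): report ELF shared objects
# that have no execute bit set. Function names here are hypothetical.

# is_elf_dyn FILE: true if FILE has an ELF header with e_type ET_DYN (3).
# ET_DYN also covers PIE executables; this check does not tell them apart.
is_elf_dyn() {
	# 16-byte e_ident followed by the 2-byte e_type field.
	set -- $(od -An -v -tx1 -N18 "$1" 2>/dev/null)
	[ $# -eq 18 ] || return 1
	[ "$1$2$3$4" = "7f454c46" ] || return 1
	# EI_DATA (sixth e_ident byte) gives the byte order of e_type.
	case "$6" in
		01) [ "${17}${18}" = "0300" ] ;;   # little-endian
		02) [ "${17}${18}" = "0003" ] ;;   # big-endian
		*) return 1 ;;
	esac
}

# audit_noexec_libs DIR: print regular files under DIR that are ET_DYN
# objects with no execute bit for user, group or other.
# File names containing newlines are not handled.
audit_noexec_libs() {
	find "$1" -type f ! -perm -0100 ! -perm -0010 ! -perm -0001 -print |
	while IFS= read -r f; do
		if is_elf_dyn "$f"; then printf '%s\n' "$f"; fi
	done
}

# make_sample DIR: constructed input, 18-byte stub headers (not real libraries).
make_sample() {
	mkdir -p "$1/usr/lib" "$1/usr/bin"
	stub='\177ELF\002\001\001\000\000\000\000\000\000\000\000\000'
	printf "$stub"'\003\000' > "$1/usr/lib/libnoexec.so.1"  # ET_DYN, 0644
	printf "$stub"'\003\000' > "$1/usr/lib/libexec.so.1"    # ET_DYN, 0755
	printf "$stub"'\002\000' > "$1/usr/bin/tool"            # ET_EXEC, 0644
	printf 'not an ELF file\n' > "$1/usr/lib/README"
	chmod 0644 "$1/usr/lib/libnoexec.so.1" "$1/usr/bin/tool" "$1/usr/lib/README"
	chmod 0755 "$1/usr/lib/libexec.so.1"
}

tmp=$(mktemp -d) && make_sample "$tmp" && audit_noexec_libs "$tmp"
rm -rf "$tmp"
```

Run against a real build root with `audit_noexec_libs "$RPM_BUILD_ROOT"`; only the stub library with mode 0644 is reported for the constructed sample.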

