
Re: Using an older libc for one app



Once upon a time Bob Proulx said...
> Cameron Hutchison wrote:
> > I'm running unstable and the latest libc upgrade has caused me problems
> > with vmware 3.2 (see bug report #205328). The problem is with libc6
> > 2.3.2. Vmware runs fine with 2.3.1.
> 
> You may need to downgrade.  

That's what I've done, but clearly that's not a permanent solution.

A suggestion by R Ransbottom in a private email was to patch the binary.
I did this, and after getting all references to libraries, finally got
it working.

I changed all references to *.so.* to *.vm.* in the vmware binary, and
again in my private copy of libc-2.3.1 (libnss_%s.so.n was the tricky
one to find), put symlinks in /lib/libxxx.vm.n to my private library
directory.

Quite an ugly hack, but it worked.

> > This does not work, because vmware is setuid root, and LD_LIBRARY_PATH
> > is ignored for setuid programs.
> 
> If you create a C program wrapper that sets the real uid to the
> effective user id then doesn't LD_LIBRARY_PATH work again?  If so then
> you could do that as an option.  

When I first read this idea in your email, I dismissed it because I
didn't want a special setuid wrapper that I'd have to maintain, since it
would have to change if I moved vmware or upgraded the version. I
thought of a generic wrapper, but that just screams huge security hole.
I figured I'd need to implement some sort of security management, à la
sudo, when it hit me - just use sudo.

My first (failed) attempt that prompted my initial email was to put a
LD_LIBRARY_PATH in my vmware script (I had already wrapped the binary
for other reasons). This didn't work because setuid programs ignore
LD_LIBRARY_PATH. However, just running the script with sudo worked. No
other messing around.

I'm pleased to have discovered this, as it should be a solution to using
LD_LIBRARY_PATH for any setuid program.


Summary.

1. Write wrapper script for setuid binary that sets LD_LIBRARY_PATH to
   whatever you want.
2. visudo and add permissions for the user to run the wrapper script.
3. sudo <wrapper_script>
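
The three steps above as an added example (not part of the original message): under sudo the wrapper runs with real and effective uid both root, so the dynamic linker no longer drops LD_LIBRARY_PATH, which also means anyone who can modify the wrapper or the library directory gets root. The function names, the user name and all paths are hypothetical placeholders.

```shell
#!/bin/sh
# Added example. All paths and the user name below are hypothetical.

# root_only PATH [OWNER_UID]
# Succeeds only if PATH exists, is owned by OWNER_UID (default 0, root) and is
# not writable by group or others. sudo runs the wrapper as root, so a wrapper
# or library directory that another user can modify hands that user root.
root_only() {
    path=$1
    owner=${2:-0}
    [ -e "$path" ] || return 1
    [ -n "$(find "$path" -prune -user "$owner" ! -perm -020 ! -perm -002)" ]
}

# write_wrapper DEST LIBDIR REAL_BIN
# Step 1: a script that sets LD_LIBRARY_PATH and execs the setuid binary.
write_wrapper() {
    cat > "$1" <<EOF
#!/bin/sh
LD_LIBRARY_PATH='$2'
export LD_LIBRARY_PATH
exec '$3' "\$@"
EOF
    chmod 755 "$1"
}

# audit_wrapper WRAPPER LIBDIR [OWNER_UID]
# Reports each unsafe path on stderr; exit status is the number of unsafe paths.
audit_wrapper() {
    bad=0
    for p in "$1" "$2"; do
        if ! root_only "$p" "${3:-0}"; then
            echo "unsafe: $p" >&2
            bad=$((bad + 1))
        fi
    done
    return "$bad"
}

# Step 2 (sudoers entry added with visudo; user and path are hypothetical):
#   cameron ALL = (root) /usr/local/bin/vmware-wrapper
# Step 3:
#   sudo /usr/local/bin/vmware-wrapper
```

Run `audit_wrapper` as root against the installed wrapper and the private library directory before adding the sudoers entry; a symlinked path is reported as unsafe because the link itself is checked.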



