Re: /lib32 -> emul/ia32-linux/lib ?
Neil Williams <codehelp@debian.org> writes:
> On Mon, 02 Nov 2009 18:11:42 +0100
> Vincent Danjean <vdanjean.ml@free.fr> wrote:
>
>> Neil Williams wrote:
>> >> /lib64 -> /lib
>> >
>> > That should be:
>> > /lib64 -> lib
>>
>> On my system (amd64), this is currently /lib64 -> /lib
>> Which package manages this symlink ?
>
> libc6
>
>> > Having a link to /lib causes problems with debootstrap, cdebootstrap
>> > and others. See #553599
>
> See also the other bugs from which 553599 was cloned.
>
> #514015 and #514016 - both RC.
>
> "Packages with absolute symlinks to dirs like libc6 on amd64, ppc64 and
> s390x can lead to overwrites of files outside of the new root."
>
> Any process that uses tar against /PATH/TO/CHROOT/lib64 will end up
> putting files into /lib:
>
> "If one package (lib6) contains the symlink /lib64 -> /lib, another
> package (in this case libattr1) which includes files in /lib64, will
> be extracted into the host system and overwrite files there, as tar
> follows the symlinks."
> http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=553599#12
Maybe policy should be changed to allow only relative symlinks.
I've been bitten by this many many times. Not as bad as tar extracting
to / instead /chroot but try "file /chroot/lib64/libfoo.so" and
similar.
MfG
Goswin
Reply to: