Bug#395177: libc6: default library search path is inconsistent with gcc

To: Gabor Gombas <gombasg@sztaki.hu>
Cc: 395177@bugs.debian.org
Subject: Bug#395177: libc6: default library search path is inconsistent with gcc
From: Vincent Lefevre <vincent@vinc17.org>
Date: Fri, 27 Oct 2006 15:20:20 +0200
Message-id: <[🔎] 20061027132020.GY21217@prunille.vinc17.org>
Reply-to: Vincent Lefevre <vincent@vinc17.org>, 395177@bugs.debian.org
In-reply-to: <[🔎] 20061027120959.GR13806@boogie.lpds.sztaki.hu>
References: <[🔎] 20061025123703.GA30550@vin.lip.ens-lyon.fr> <[🔎] 20061027083353.GN13806@boogie.lpds.sztaki.hu> <[🔎] 20061027092551.GO21217@prunille.vinc17.org> <[🔎] 20061027120959.GR13806@boogie.lpds.sztaki.hu>

On 2006-10-27 14:09:59 +0200, Gabor Gombas wrote:
> On Fri, Oct 27, 2006 at 11:25:51AM +0200, Vincent Lefevre wrote:
> > Not necessarily. The soname isn't defined in the header file, is it?
> > (At compile time, it seems that the library was also 4.2.1, because
> > I get the same problem when using -static, i.e., by not using shared
> > libraries.)
> 
> Build-time linking has nothing to do with glibc.

Yep, but I could assign the bug only to one package.

> Besides, ld _does_ search /usr/local/lib before /usr/lib by default.

So, why do I obtain the same result with -static (i.e., with the
library from /usr/lib instead of /usr/local/lib)?

> > So, couldn't the dynamic loader take into account /usr/local/lib
> > by default (before /usr/lib), just like cpp takes into account
> > /usr/local/include by default (before /usr/include)?
> 
> That would be a security nightmare as /usr/local is often writable/owned
> by users other than root (for example, looking at my etch chroot, it is
> writable by group 'staff' by default).

One should assume that users of the 'staff' group are responsible.
And there would be the same security risks for programs compiled
and installed on the system. So, if you decide that /usr/local/lib
shouldn't be in the search paths by default, then this should be
the same for /usr/local/include.

Also, due to software installed in /usr/local (the default prefix
with "configure"), users often need to add /usr/local/lib to
LD_LIBRARY_PATH anyway.

> > If this is really the only possibility, it should probably be set
> > in /etc/profile in the default configuration (at install time) and
> > other shell init files.
> 
> That would be a security problem as well. Only the local system
> administrator can decide whether things installed in /usr/local should
> override system software or not.

Why does gcc search for include files in /usr/local/include before
/usr/include (on Linux machines), then?

-- 
Vincent Lefèvre <vincent@vinc17.org> - Web: <http://www.vinc17.org/>
100% accessible validated (X)HTML - Blog: <http://www.vinc17.org/blog/>
Work: CR INRIA - computer arithmetic / Arenaire project (LIP, ENS-Lyon)

Reply to:

References:
- Bug#395177: libc6: default library search path is inconsistent with gcc
  - From: Vincent Lefevre <vincent@vinc17.org>
- Bug#395177: libc6: default library search path is inconsistent with gcc
  - From: Gabor Gombas <gombasg@sztaki.hu>
- Bug#395177: libc6: default library search path is inconsistent with gcc
  - From: Vincent Lefevre <vincent@vinc17.org>
- Bug#395177: libc6: default library search path is inconsistent with gcc
  - From: Gabor Gombas <gombasg@sztaki.hu>

Prev by Date: Bug#395177: libc6: default library search path is inconsistent with gcc
Next by Date: Bug#395135: Please requeue gclcvs_2.7.0-62 on alpha
Previous by thread: Bug#395177: libc6: default library search path is inconsistent with gcc
Next by thread: Bug#395288: upgrade of linux-kernel-headers broke #include <asm/system.h> from user-space
Index(es):
- Date
- Thread