
Bug#543815: initramfs-tools: Having "/lib64" in /etc/ld.so.conf results in unusable initrd image



Package: initramfs-tools
Version: 0.85i
Severity: critical
Justification: breaks the whole system


--------------
Summary:
This problem is in essence (AFAICT) the same as #337176, #420754
I think the solution is to fix the hook-functions to not just
catch a few well known optimized locations, but to also dereference
library paths to absolute locations? (or create the initrd with
symlinks for found lib directories back to /lib)
(sorry, I don't have enough time to really dig into this myself)
--------------


If /etc/ld.so.conf contains /lib64, update-initramfs will create a
filesystem containing /lib64/libcrypt.so.1, but /bin/sh is looking only
for /lib/libcrypto.so.1  yielding:

--------------------------
/bin/sh: error while loading shared libraries: libcrypt.so.1: cannot
open shared object file: No such file or directory
Kernel panic - not syncing: Attempted to kill init!
--------------------------

So /lib64 is by default a symlink to /lib (on the running system):

+ stat -c %N /lib64
`/lib64' -> `/lib'

+ grep lib64 /etc/ld.so.conf
/lib64

Note: you could argue this is a "mistake", but the end result is that
kernel security updates render the system unbootable.  As far as the
running system is concerned, since /lib64 is a symlink to /lib, it
operates the same.  Theoretically, though, someone COULD make /lib64
a real directory and have a custom libcrypt.so.1 there, and I suspect
that update-initramfs would still break.

+ ldconfig -p
+ grep libcrypt.so
	libcrypt.so.1 (libc6,x86-64, OS ABI: Linux 2.6.0) => /lib64/libcrypt.so.1
	libcrypt.so.1 (libc6, OS ABI: Linux 2.6.0) => /lib32/libcrypt.so.1
	libcrypt.so (libc6,x86-64, OS ABI: Linux 2.6.0) => /usr/lib/libcrypt.so

Note that /lib64 is where libcrypt.so is found in this configuration.
If I remove /lib64 from /etc/ld.so.conf and run 'ldconfig', we get instead:

+ ldconfig -p
+ grep libcrypt.so
	libcrypt.so.1 (libc6,x86-64, OS ABI: Linux 2.6.0) => /lib/libcrypt.so.1
	libcrypt.so.1 (libc6, OS ABI: Linux 2.6.0) => /lib32/libcrypt.so.1
	libcrypt.so (libc6,x86-64, OS ABI: Linux 2.6.0) => /usr/lib/libcrypt.so
(where it's now found in /lib)

+ gunzip -c /boot/initrd.img-2.6.18-6-amd64.bak
+ cpio -tiv
+ grep crypt
28172 blocks
-rw-r--r--   1 root     root        22656 Jan  4  2009 lib64/libcrypt.so.1

Note: I'm using the .bak since we fixed the system previously by
      removing /lib64 from /etc/ld.so.conf and I've only put it back
      in here for the bug report (so /boot/initrd.img-2.6.18-6-amd64
      is fixed, as seen here):
+ gunzip -c /boot/initrd.img-2.6.18-6-amd64
+ cpio -tiv
+ grep crypt
28172 blocks
-rw-r--r--   1 root     root        22656 Jan  4  2009 lib/libcrypt.so.1

thanks,
--stephen

-- Package-specific info:
-- /proc/cmdline
root=/dev/sda1 ro vga=771 

-- /proc/filesystems
	cramfs
	ext3

-- lsmod
Module                  Size  Used by
nfsd                  256200  17 
exportfs               10368  1 nfsd
ipt_MASQUERADE          8320  1 
iptable_nat            12292  1 
ip_nat                 24492  2 ipt_MASQUERADE,iptable_nat
ip_conntrack           63140  3 ipt_MASQUERADE,iptable_nat,ip_nat
nfnetlink              11976  2 ip_nat,ip_conntrack
ip_tables              25576  1 iptable_nat
x_tables               22024  3 ipt_MASQUERADE,iptable_nat,ip_tables
ppdev                  14088  0 
parport_pc             41640  0 
lp                     17736  0 
parport                44684  3 ppdev,parport_pc,lp
nfs                   236216  1 
lockd                  67600  3 nfsd,nfs
nfs_acl                 8320  2 nfsd,nfs
sunrpc                166984  13 nfsd,nfs,lockd,nfs_acl
autofs4                27912  1 
ipv6                  286048  38 
dm_snapshot            20664  0 
dm_mirror              25216  0 
dm_mod                 62800  2 dm_snapshot,dm_mirror
serio_raw              12036  0 
psmouse                44432  0 
pcspkr                  7808  0 
shpchp                 42156  0 
pci_hotplug            20872  1 shpchp
evdev                  15360  2 
tsdev                  13056  0 
joydev                 15360  0 
ext3                  138512  7 
jbd                    65392  1 ext3
mbcache                14216  1 ext3
sd_mod                 25856  9 
ide_cd                 45088  1 
cdrom                  40488  1 ide_cd
usbhid                 45088  0 
piix                   15492  0 [permanent]
mptsas                 31120  8 
mptscsih               29184  1 mptsas
generic                10500  0 [permanent]
mptbase                56672  2 mptsas,mptscsih
uhci_hcd               28696  0 
ide_core              147584  3 ide_cd,piix,generic
scsi_transport_sas     36608  1 mptsas
ehci_hcd               36104  0 
scsi_mod              153008  4 sd_mod,mptsas,mptscsih,scsi_transport_sas
bnx2                   86640  0 
tg3                   108292  0 
thermal                20240  0 
processor              38248  1 thermal
fan                     9864  0 

-- kernel-img.conf
do_symlinks = Yes
do_initrd = Yes
silent_modules=yes
clobber_modules=yes
do_boot_enable=no
postinst_hook = /usr/sbin/update-grub
postrm_hook   = /usr/sbin/update-grub
do_bootloader = no


-- System Information:
Debian Release: 4.0
  APT prefers oldstable
  APT policy: (500, 'oldstable')
Architecture: amd64 (x86_64)
Shell:  /bin/sh linked to /bin/bash
Kernel: Linux 2.6.18-6-amd64
Locale: LANG=en_US, LC_CTYPE=en_US (charmap=ISO-8859-1)

Versions of packages initramfs-tools depends on:
ii  busybox                   1:1.1.3-4      Tiny utilities for small and embed
ii  cpio                      2.6-18.1+etch1 GNU cpio -- a program to manage ar
ii  klibc-utils               1.4.34-2       small statically-linked utilities 
ii  module-init-tools         3.3-pre4-2     tools for managing Linux kernel mo
ii  udev                      0.105-4etch1   /dev/ and hotplug management daemo

initramfs-tools recommends no packages.

-- no debconf information
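
An added check, not part of the original report or of initramfs-tools: given the `cpio -tiv` listing of an image, it reports libraries that are not reachable through lib/ or usr/lib/, which is the failure shown in the report. It assumes the loader inside the initrd searches only those two directories; the function name `missing_libs` and the sample listing are constructed for illustration.

```shell
# Added example, not initramfs-tools code. Assumption: inside the initrd the
# dynamic loader searches only lib/ and usr/lib/.
#
# missing_libs LISTING SONAME...
#   LISTING: file holding `cpio -tiv` output for an initrd image.
#   Prints each SONAME not reachable through lib/ or usr/lib/; status 1 if any.
missing_libs() {
    listing=$1; shift
    awk -v want="$*" '
        # cpio -tv columns: mode links owner group size mon day time name [-> target]
        $1 ~ /^[-l]/ {
            have[$9] = 1
            if ($1 ~ /^l/ && $10 == "->") link[$9] = $11
        }
        # Follow one level of directory symlink (".." in targets is not handled).
        function resolve(dir,    t, parent) {
            if (!(dir in link)) return dir
            t = link[dir]
            if (t ~ /^\//) return substr(t, 2)      # absolute target
            parent = dir; sub(/[^\/]*$/, "", parent) # relative to the link parent
            return parent t
        }
        END {
            n = split(want, names, " ")
            bad = 0
            for (i = 1; i <= n; i++) {
                ok = 0
                p = resolve("lib") "/" names[i]
                if (p in have) ok = 1
                p = resolve("usr/lib") "/" names[i]
                if (p in have) ok = 1
                if (!ok) { print names[i]; bad = 1 }
            }
            exit bad
        }' "$listing"
}

# Constructed listing modelled on the broken image in the report:
# the library sits in lib64/ and the image has no lib/ entry for it.
demo=$(mktemp)
printf '%s\n' \
  '-rw-r--r--   1 root     root        22656 Jan  4  2009 lib64/libcrypt.so.1' \
  > "$demo"
missing_libs "$demo" libcrypt.so.1 || echo "libraries above are unreachable in the image"
rm -f "$demo"
```

Running it against the listing of a freshly generated image before rebooting into a new kernel catches the mismatch while the running system is still usable.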


