Bug#543815: initramfs-tools: Having "/lib64" in /etc/ld.so.conf results in unusable initrd image
Package: initramfs-tools
Version: 0.85i
Severity: critical
Justification: breaks the whole system
--------------
Summary:
This problem is in essence (AFAICT) the same as #337176, #420754
I think the solution is to fix the hook-functions to not just
catch a few well known optimized locations, but to also dereference
library paths to absolute locations? (or create the initrd with
symlinks for found lib directories back to /lib)
(sorry, i don't have enough time to really dig into this, myself)
--------------
If /etc/ld.so.conf contains /lib64, update-initramfs will create a
filesystem containing /lib64/libcrypt.so.1, but /bin/sh is looking only
for /lib/libcrypto.so.1 yielding:
--------------------------
/bin/sh: error while loading shared libraryes: libcrypt.so.1: cannot
open shared object file: No such file or directory
Kernel panic - not syncing: Attempted to kill init!
--------------------------
So /lib64 is default symlink to /lib (on running system):
+ stat -c %N /lib64
`/lib64' -> `/lib'
+ grep lib64 /etc/ld.so.conf
/lib64
Note: you could argue this is a "mistake", but the end result is that
kernel security updates render the system unbootable. As far as the
running system is concerned, since /lib64 is a symlink to /lib, it
operates the same. Theoretically, though someone COULD make /lib64
a real directory and have a custom libcrypt.so.1 there and i suspect
that update-initramfs would still break.
+ ldconfig -p
+ grep libcrypt.so
libcrypt.so.1 (libc6,x86-64, OS ABI: Linux 2.6.0) => /lib64/libcrypt.so.1
libcrypt.so.1 (libc6, OS ABI: Linux 2.6.0) => /lib32/libcrypt.so.1
libcrypt.so (libc6,x86-64, OS ABI: Linux 2.6.0) => /usr/lib/libcrypt.so
note that /lib64 is where libcrypt.so is found in this configuration.
If i remove /lib64 from /etc/ld.so.conf and 'ldconfig', we get instead:
+ ldconfig -p
+ grep libcrypt.so
libcrypt.so.1 (libc6,x86-64, OS ABI: Linux 2.6.0) => /lib/libcrypt.so.1
libcrypt.so.1 (libc6, OS ABI: Linux 2.6.0) => /lib32/libcrypt.so.1
libcrypt.so (libc6,x86-64, OS ABI: Linux 2.6.0) => /usr/lib/libcrypt.so
(where it's now found in /lib)
+ gunzip -c /boot/initrd.img-2.6.18-6-amd64.bak
+ cpio -tiv
+ grep crypt
28172 blocks
-rw-r--r-- 1 root root 22656 Jan 4 2009 lib64/libcrypt.so.1
Note: i'm using the .bak since we fixed the system previously by
removing /lib64 from /etc/ld.so.conf and i've only put it back
in here for the bugreport (so /boot/initrd.img-2.6.18-6-amd64
is fixed as seen here:.
+ gunzip -c /boot/initrd.img-2.6.18-6-amd64
+ cpio -tiv
+ grep crypt
28172 blocks
-rw-r--r-- 1 root root 22656 Jan 4 2009 lib/libcrypt.so.1
thanks,
--stephen
-- Package-specific info:
-- /proc/cmdline
root=/dev/sda1 ro vga=771
-- /proc/filesystems
cramfs
ext3
-- lsmod
Module Size Used by
nfsd 256200 17
exportfs 10368 1 nfsd
ipt_MASQUERADE 8320 1
iptable_nat 12292 1
ip_nat 24492 2 ipt_MASQUERADE,iptable_nat
ip_conntrack 63140 3 ipt_MASQUERADE,iptable_nat,ip_nat
nfnetlink 11976 2 ip_nat,ip_conntrack
ip_tables 25576 1 iptable_nat
x_tables 22024 3 ipt_MASQUERADE,iptable_nat,ip_tables
ppdev 14088 0
parport_pc 41640 0
lp 17736 0
parport 44684 3 ppdev,parport_pc,lp
nfs 236216 1
lockd 67600 3 nfsd,nfs
nfs_acl 8320 2 nfsd,nfs
sunrpc 166984 13 nfsd,nfs,lockd,nfs_acl
autofs4 27912 1
ipv6 286048 38
dm_snapshot 20664 0
dm_mirror 25216 0
dm_mod 62800 2 dm_snapshot,dm_mirror
serio_raw 12036 0
psmouse 44432 0
pcspkr 7808 0
shpchp 42156 0
pci_hotplug 20872 1 shpchp
evdev 15360 2
tsdev 13056 0
joydev 15360 0
ext3 138512 7
jbd 65392 1 ext3
mbcache 14216 1 ext3
sd_mod 25856 9
ide_cd 45088 1
cdrom 40488 1 ide_cd
usbhid 45088 0
piix 15492 0 [permanent]
mptsas 31120 8
mptscsih 29184 1 mptsas
generic 10500 0 [permanent]
mptbase 56672 2 mptsas,mptscsih
uhci_hcd 28696 0
ide_core 147584 3 ide_cd,piix,generic
scsi_transport_sas 36608 1 mptsas
ehci_hcd 36104 0
scsi_mod 153008 4 sd_mod,mptsas,mptscsih,scsi_transport_sas
bnx2 86640 0
tg3 108292 0
thermal 20240 0
processor 38248 1 thermal
fan 9864 0
-- kernel-img.conf
do_symlinks = Yes
do_initrd = Yes
silent_modules=yes
clobber_modules=yes
do_boot_enable=no
postinst_hook = /usr/sbin/update-grub
postrm_hook = /usr/sbin/update-grub
do_bootloader = no
-- System Information:
Debian Release: 4.0
APT prefers oldstable
APT policy: (500, 'oldstable')
Architecture: amd64 (x86_64)
Shell: /bin/sh linked to /bin/bash
Kernel: Linux 2.6.18-6-amd64
Locale: LANG=en_US, LC_CTYPE=en_US (charmap=ISO-8859-1)
Versions of packages initramfs-tools depends on:
ii busybox 1:1.1.3-4 Tiny utilities for small and embed
ii cpio 2.6-18.1+etch1 GNU cpio -- a program to manage ar
ii klibc-utils 1.4.34-2 small statically-linked utilities
ii module-init-tools 3.3-pre4-2 tools for managing Linux kernel mo
ii udev 0.105-4etch1 /dev/ and hotplug management daemo
initramfs-tools recommends no packages.
-- no debconf information
Reply to: