This is the mail archive of the libc-alpha@sourceware.org mailing list for the glibc project.

Index Nav:	[Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav:	[Date Prev] [Date Next]	[Thread Prev] [Thread Next]
Other format:	[Raw text]

[PATCH v3][BZ #832][BZ #3266] Make ldd try_trace more robust and portable

From: "Patrick 'P. J.' McDermott" <pj at pehjota dot net>
To: libc-alpha at sourceware dot org
Date: Wed, 11 Sep 2013 23:13:36 -0400
Subject: [PATCH v3][BZ #832][BZ #3266] Make ldd try_trace more robust and portable
Authentication-results: sourceware.org; auth=none
References: <522B4A29 dot 3060509 at pehjota dot net>

It was noted in 2005 (BZ #832), 2006 (BZ #3266), and 2007 [1] that ldd
fails on shells other than Bash >= 3.0 because of the pipefail option
around try_trace (added on 2004-12-08).  EGLIBC was patched in 2008 [2]
(r6912) to make the pipefail check run only on shells that support it,
but RTLD output would still be lost on other shells with certain SELinux
policies.

This patch rewrites try_trace to work on any POSIX-conformant shell in
such a way as to also work with such SELinux policies.  It also obviates
one difference between glibc and EGLIBC.

[1]: https://sourceware.org/ml/libc-alpha/2007-01/msg00041.html
[2]: http://www.eglibc.org/archives/patches/msg00526.html

2013-09-11  P. J. McDermott  <pj@pehjota.net>

	[BZ #832]
	[BZ #3266]
	* elf/ldd.bash.in (try_trace): More robustly and portably work around
	SELinux terminal write permissions by using a command substitution
	instead of a pipeline and pipefail option.

Changes in v3:
  * Redirect stderr to stdout in eval command.
  * Define try_trace as a subshell compound list to make output and rc
    "local".
  * Update comment.
---
 elf/ldd.bash.in |   25 ++++++++++++-------------
 1 file changed, 12 insertions(+), 13 deletions(-)

diff --git a/elf/ldd.bash.in b/elf/ldd.bash.in
index 39aeca2..c4a1a15 100644
--- a/elf/ldd.bash.in
+++ b/elf/ldd.bash.in
@@ -106,19 +106,18 @@ if test "$unused" = yes; then
   add_env="$add_env LD_DEBUG=\"$LD_DEBUG${LD_DEBUG:+,}unused\""
 fi
 
-# The following use of cat is needed to make ldd work in SELinux
-# environments where the executed program might not have permissions
-# to write to the console/tty.  But only bash 3.x supports the pipefail
-# option, and we don't bother to handle the case for older bash versions.
-if set -o pipefail 2> /dev/null; then
-  try_trace() {
-    eval $add_env '"$@"' | cat
-  }
-else
-  try_trace() {
-    eval $add_env '"$@"'
-  }
-fi
+# The following command substitution is needed to make ldd work in SELinux
+# environments where the RTLD might not have permission to write to the
+# terminal.  The extra "x" character prevents the shell from trimming trailing
+# newlines from command substitution results.  This function is defined as a
+# subshell compound list (using "(...)") to prevent parameter assignments from
+# affecting the calling shell execution environment.
+try_trace() (
+  output=$(eval $add_env '"$@"' 2>&1; rc=$?; printf 'x'; exit $rc)
+  rc=$?
+  printf '%s' "${output%x}"
+  return $rc
+)
 
 case $# in
 0)
-- 
Patrick "P. J." McDermott
  http://www.pehjota.net/
Lead Developer, ProteanOS
  http://www.proteanos.com/

Follow-Ups:
- Re: [PATCH v3][BZ #832][BZ #3266] Make ldd try_trace more robust and portable
  - From: Mike Frysinger

References:
- [PATCH v2][BZ #832][BZ #3266] Make ldd try_trace more robust and portable
  - From: Patrick \"P. J.\" McDermott

Index Nav:	[Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav:	[Date Prev] [Date Next]	[Thread Prev] [Thread Next]