Original question:
--
Environment: Ultra/SS20/SS5, running Solaris 2.5
Problem: Suid or setgid programs won't find shared libraries under indirect automount points.
-rwxrwsr-x 1 game games 1498161 Apr 23 11:36 nethack
% nethack
ld.so.1: ./nethack: fatal: libXaw.so.6.0: can't open file: errno=2
% echo $LD_LIBRARY_PATH
/usr/lib:/usr/ccs/lib:/p/lib:/p/X11/lib:/usr/openwin/lib:/usr/ucblib
% ls -la /p/X11/lib/libXaw.so.6.0
-rw-rw-r-- 1 root staff 288928 Nov 9 22:56 /p/X11/lib/libXaw.so.6.0
# chmod 775 nethack
% nethack
.. This game you will be a Caveman. ...
(BUT now I cannot save, because save-directory is not world-writable)
If I use symbolic links pointing from /usr/lib/libX* to /p/X11/lib/, everything is ok; the libraries are found even if the program is suid or sgid.
--
The Reason:
Casper Dik <casper@holland.Sun.COM>: "ld.so will not follow LD_LIBRARY_PATH for set-gid, set-uid executables for a very good reason; anyone could gain the privileges of the group or user the program is set-gid or set-uid to if it did honor LD_LIBRARY_PATH."
The Solutions:
mike@trdlnk.com (Michael Sullivan): "1. relink nethack, using the -R/p/X11/lib option. This will build the paths to the /p/X11/lib/... libraries into the nethack executable so that they will be used even if it is setgid.
2. Unless there is some real need to use those non-standard libraries (I presume you are using X11R6 libs, but is there any real benefit to nethack by using X11R6?), you could rebuild nethack and link it with the -L/usr/openwin/lib -R/usr/openwin/lib options. This has the advantage of building a nethack that will work on any conventionally installed Solaris 2.5 system (aside from any problems with paths to things like the save directory).
and some other rather obvious work-arounds that you probably already thought of and don't like:
3. Use symbolic links as you described you have already tried.
4. make the save directory world writable"
Relinking nethack with -R/p/X11/lib is the best alternative. Nethack 3.2 can use libxpm for tiles and tombstone (oh yeah), and I don't want to install libxpm to /usr/openwin/lib.
Thanks to:
jram@morgan.com (J. Rambhaskar)
Casper Dik <casper@holland.Sun.COM>
lemercie@kronos.dr.gdf.fr (LEMERCIER Laurent)
Kevin.Sheehan@uniq.com.au (Kevin Sheehan {Consulting Poster Child})
mike@trdlnk.com (Michael Sullivan)
From: Anderson McCammont <and@morgan.com>
Kevin Davidson <tkld@cogsci.ed.ac.uk>
peter.allan@aeat.co.uk (Peter Allan)
-----------------------------------------------------------------------
Antti Nurminen    Dopefish Lives    andy@iki.fi
-----------------------------------------------------------------------
PS. When I removed the '/p' automount map from /etc/auto_master and issued the command 'automount', the /p/libs stayed mounted and the sgid nethack ran just fine. That's why I thought the automounter had things messed up. Now I'll reboot and find out if I can repeat this.
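An added example, not part of the original post: directories built in with -R are searched even when the program is set-uid or set-gid, so they deserve the same scrutiny as /usr/lib. This sh script audits a colon-separated run path (the string given to -R). The function names are hypothetical, and the policy it applies is an assumption: entries must be absolute, must exist, and neither the directory nor the shared objects directly in it may be writable by group or others.

```shell
#!/bin/sh
# Added example (not from the original post): audit a run path that was
# built into a setuid/setgid program with -R.

# check_runpath_dir DIR: print a verdict; return 0 only if DIR is acceptable.
check_runpath_dir() {
    dir=$1
    case $dir in
        /*) ;;
        *)  # Empty or relative entries are resolved against the caller's cwd.
            echo "UNSAFE not-absolute: '$dir'"; return 1 ;;
    esac
    if [ ! -d "$dir" ]; then
        echo "UNSAFE missing: $dir"; return 1
    fi
    # Directory writable by group or others: libraries can be added or replaced.
    if [ -n "$(find "$dir" -prune \( -perm -0020 -o -perm -0002 \) -print)" ]; then
        echo "UNSAFE writable-directory: $dir"; return 1
    fi
    # Regular *.so* files directly inside DIR that group or others can rewrite.
    loose=$(find "$dir/." ! -name . -prune -type f -name '*.so*' \
                 \( -perm -0020 -o -perm -0002 \) -print)
    if [ -n "$loose" ]; then
        echo "UNSAFE writable-library in $dir:"; echo "$loose"; return 1
    fi
    echo "ok: $dir"
}

# audit_runpath "dir1:dir2:...": check each entry; return the count of unsafe ones.
audit_runpath() {
    bad=0
    old_ifs=$IFS
    set -f; IFS=:            # split on ':' only, without globbing
    set -- $1
    IFS=$old_ifs; set +f
    for d in "$@"; do
        check_runpath_dir "$d" || bad=$((bad + 1))
    done
    return "$bad"
}

# Usage: sh audit_runpath.sh /p/X11/lib:/usr/openwin/lib
[ $# -eq 0 ] || audit_runpath "$1"
```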