|
From: | Zvi Har'El |
Subject: | [screen-devel] Re: LD_LIBRARY_PATH is not exported to subshells |
Date: | Thu, 17 Jan 2008 00:43:57 +0200 |
User-agent: | Thunderbird 2.0.0.9 (X11/20071031) |
I think you pinpointed the problem. I have on my RHEL4 machine two
installation of screen. An older one, which comes with the system, in
/usr/bin/screen: ~$ ls -l /usr/bin/screen -rwxr-xr-x 1 root root 324440 2004-09-11 12:10 /usr/bin/screen ~$ /usr/bin/screen --version Screen version 4.00.02 (FAU) 5-Dec-03 and a newer one, I installed from the CVS, in /usr/local/bin/screen ~$ /usr/local/bin/screen --version Screen version 4.00.03jw4 (FAU) 2-May-06 ~$ ls -l /usr/local/bin/screen lrwxrwxrwx 1 root root 12 2007-07-10 17:00 /usr/local/bin/screen -> screen-4.0.3 ~$ ls -lL /usr/local/bin/screen -rwsr-xr-x 1 root root 853109 2007-07-06 15:51 /usr/local/bin/screen It seems that the problem happens only when using the setuid version. However, I also have Solaris machines, where the fact that screen is installed setuid doesn't cause any problems. Perhaps Solaris libc doesn't scrub the "Unsecure variables". Since I am not really interested, in the linux machine, that screen will be installed setuid (so that it can write wtmpx), I'll reinstall it without setuid. Thanks, Zvi. On 17/01/08 00:17, Adam Lazur wrote: Trying to get things less hazy. >From ld.so(8): The necessary shared libraries needed by the program are searched for in the following order o Using the environment variable LD_LIBRARY_PATH (LD_AOUT_LIBRARY_PATH for a.out programs). Except if the exe- cutable is a setuid/setgid binary, in which case it is ignored. I tried to find this type of stuff in the glibc source online quickly, but here's all I can do: http://google.com/codesearch?hl=en&q=+package:glibc+LD_LIBRARY_PATH+show:5-uyA-74TiI:kyA999K8eys:Etn8yARxAbA&sa=N&cd=19&ct=rc&cs_p=http://ftp.gnu.org/gnu/glibc/glibc-2.3.3.tar.bz2&cs_f=glibc-2.3.3/sysdeps/generic/unsecvars.h#first I assert that UNSECURE_ENVVARS are scrubbed by glibc somewhere in combination with a check of euid and egid. This is clearly a security thing. .laz Adam Lazur (address@hidden) said:My memory is hazy, but I believe I tracked this down to glibc doing this on behalf of screen because it's a setgid binary. Details are hazy because this was a year or three ago. .laz Zvi Har'El (address@hidden) said:Hi Thanks, but no thanks. I am not interested in tricks to set LD_LIBRARY_PATH. This is not what the screen mailing list about. I am concerned about the fact that screen removes LD_LIBRARY_PATH from the environment, and I believe this behavior is a bug. Zvi. On 16/01/08 23:15, Randy Belk wrote:When you first login Bash will read /etc/bash.bashrc and also $HOME/.bashrc to set stuff like your path($PATH) and other environment variables. Always put your LD_LIBRARY_PATH exports in either of these two files. New bash screen sessions will always read /etc/bash.bashrc and also $HOME/.bashrc on startup! You don't need to write a script use VI and add the LD_LIBRARY_PATH to these file once and your done. On Jan 16, 2008 2:41 PM, Zvi Har'El <address@hidden> wrote:Of course this works. But the problem is that LD_LIBRARY_PATH is part of the configuration of the run (shared libraries used in addition to the standard libraries). Of course I can write a script to edit .bashrc, but this is a ridiculed solution. Why cannot screen export the original LD_LIBRARY_PATH??? On 16/01/08 20:54, Randy Belk wrote: Try putting the LD_LIBRARY_PATH in your .bashrc, that should work. On Jan 16, 2008 11:59 AM, Zvi Har'El <address@hidden> wrote: I am using screen to run several applications simultaneously in the same environment. The environment preparation consists of exporting various variables, including LD_LIBRARY_PATH. However, after running screen, the various windows show the original environment (of course few changes, like $SHLVL increases, $TERM is changed to screen and $TERMCAP, $STY and $WINDOW are set), but one important variable disppeared: $LD_LIBRARY_PATH is not set at all. In the following example, I did "export >/tmp/before;screen" and then, on window 0: sh-3.00$ export >/tmp/after sh-3.00$ diff /tmp/{before,after} 23d22 < export LD_LIBRARY_PATH="/usr/local/lib:/opt/openssl/lib" 39c38 < export SHLVL="3" ---export SHLVL="4"42a42export STY="16314.pts-2.bambi"44c44,68 < export TERM="xterm" ---export TERM="screen" export TERMCAP="SC|screen|VT 100/ANSI X3.64 virtual terminal:\\\ :DO=\\E[%dB:LE=\\E[%dD:RI=\\E[%dC:UP=\\E[%dA:bs:bt=\\E[Z:\\\ :cd=\\E[J:ce=\\E[K:cl=\\E[H\\E[J:cm=\\E[%i%d;%dH:ct=\\E[3g:\\\ :do=^J:nd=\\E[C:pt:rc=\\E8:rs=\\Ec:sc=\\E7:st=\\EH:up=\\EM:\\\ :le=^H:bl=^G:cr=^M:it#8:ho=\\E[H:nw=\\EE:ta=^I:is=\\E)0:\\\ :li#77:co#80:am:xn:xv:LP:sr=\\EM:al=\\E[L:AL=\\E[%dL:\\\ :cs=\\E[%i%d;%dr:dl=\\E[M:DL=\\E[%dM:dc=\\E[P:DC=\\E[%dP:\\\ :im=\\E[4h:ei=\\E[4l:mi:IC=\\E[%d@:ks=\\E[?1h\\E=:\\\ :ke=\\E[?1l\\E>:vi=\\E[?25l:ve=\\E[34h\\E[?25h:vs=\\E[34l:\\\ :ti=\\E[?1049h:te=\\E[?1049l:us=\\E[4m:ue=\\E[24m:so=\\E[3m:\\\ :se=\\E[23m:mb=\\E[5m:md=\\E[1m:mr=\\E[7m:me=\\E[m:ms:\\\ :Co#8:pa#64:AF=\\E[3%dm:AB=\\E[4%dm:op=\\E[39;49m:AX:\\\ :vb=\\Eg:G0:as=\\E(0:ae=\\E(B:\\\:ac=\\140\\140aaffggjjkkllmmnnooppqqrrssttuuvvwwxxyyzz{{||}}~~..--++,,hhII00:\\\:po=\\E[5i:pf=\\E[4i:Z0=\\E[?3h:Z1=\\E[?3l:k0=\\E[10~:\\\ :k1=\\EOP:k2=\\EOQ:k3=\\EOR:k4=\\EOS:k5=\\E[15~:k6=\\E[17~:\\\ :k7=\\E[18~:k8=\\E[19~:k9=\\E[20~:k;=\\E[21~:F1=\\E[23~:\\\ :F2=\\E[24~:F3=\\E[1;2P:F4=\\E[1;2Q:F5=\\E[1;2R:F6=\\E[1;2S:\\\ :F7=\\E[15;2~:F8=\\E[17;2~:F9=\\E[18;2~:FA=\\E[19;2~:kb=^H:\\\ :K2=\\EOE:kB=\\E[Z:kF=\\E[1;2B:kR=\\E[1;2A:*4=\\E[3;2~:\\\ :*7=\\E[1;2F:#2=\\E[1;2H:#3=\\E[2;2~:#4=\\E[1;2D:%c=\\E[6;2~:\\\ :%e=\\E[5;2~:%i=\\E[1;2C:kh=\\E[1~:@1=\\E[1~:kH=\\E[4~:\\\ :@7=\\E[4~:kN=\\E[6~:kP=\\E[5~:kI=\\E[2~:kD=\\E[3~:ku=\\EOA:\\\ :kd=\\EOB:kr=\\EOC:kl=\\EOD:km:"49a74export WINDOW="0"55a81export _="sh"-- Dr. Zvi Har'El mailto:address@hidden Department of Mathematics tel:+972-54-4227607 Technion - Israel Institute of Technology fax:+972-4-8293388 http://www.math.technion.ac.il/~rl/ Haifa 32000, ISRAEL "If you can't say somethin' nice, don't say nothin' at all." -- Thumper (1942) _______________________________________________ screen-users mailing list address@hidden http://lists.gnu.org/mailman/listinfo/screen-users _______________________________________________ screen-users mailing list address@hidden http://lists.gnu.org/mailman/listinfo/screen-users -- Dr. Zvi Har'El mailto:address@hidden Department of Mathematics tel:+972-54-4227607 Technion - Israel Institute of Technology fax:+972-4-8293388 http://www.math.technion.ac.il/~rl/ Haifa 32000, ISRAEL "If you can't say somethin' nice, don't say nothin' at all." -- Thumper (1942)_______________________________________________ screen-users mailing list address@hidden http://lists.gnu.org/mailman/listinfo/screen-users -- Dr. Zvi Har'El mailto:address@hidden Department of Mathematics tel:+972-54-4227607 Technion - Israel Institute of Technology fax:+972-4-8293388 http://www.math.technion.ac.il/~rl/ Haifa 32000, ISRAEL "If you can't say somethin' nice, don't say nothin' at all." -- Thumper (1942) |
[Prev in Thread] | Current Thread | [Next in Thread] |