Gentoo Forums
Gentoo Forums
Gentoo Forums
Quick Search: in

  FAQ | Search | Memberlist | Usergroups | Statistics | Profile | Log in to check your private messages | Log in | Register

[solved] unexpected changes in files under /lib
 View unanswered posts
View posts from last 24 hours

 
Reply to topic    Gentoo Forums Forum Index Kernel & Hardware
View previous topic :: View next topic  
Author Message
toralf
Developer
Developer


Joined: 01 Feb 2004
Posts: 3943
Location: Hamburg
PostPosted: Fri Nov 30, 2012 5:53 pm    Post subject: [solved] unexpected changes in files under /lib Reply with quote
My daily backup (rsync) today brought this transfers into my eyes :
Code:
===================================
/lib

cd..t...... lib/
>f.s....... lib/ld-2.15.so
>f.s....... lib/libblkid.so.1.1.0
>f.s....... lib/libc-2.15.so
>f.s....... lib/libcrypt-2.15.so
...
which where partly unexpected. I checked one of those candidates file, it belongs to glibc :
Code:
$ equery b libdl-2.15.so                                                                                                                     
 * Searching for libdl-2.15.so ...                                                                                                                                   
sys-libs/glibc-2.15-r3 (/lib/libdl-2.15.so)     
and was emerged last time at :
Code:
$ genlop glibc | tail -n 2
     Sun Oct 21 17:38:34 2012 >>> sys-libs/glibc-2.15-r3
Now me wonders about these changes :
Code:
$ ls -l /mnt/media/daily/20121130-175932/lib/libdl-2.15.so /mnt/media/monthly/20121127-220336/lib/libdl-2.15.so
-rwxr-xr-x 1 root root 15692 Oct 21 17:37 /mnt/media/daily/20121130-175932/lib/libdl-2.15.so
-rwxr-xr-x 5 root root 13884 Oct 21 17:37 /mnt/media/monthly/20121127-220336/lib/libdl-2.15.so
which of course yields into diffs here too :
Code:
$ md5sum /mnt/media/daily/20121130-175932/lib/libdl-2.15.so /mnt/media/monthly/20121127-220336/lib/libdl-2.15.so
f707a31d68875fc74bc57a0046240967  /mnt/media/daily/20121130-175932/lib/libdl-2.15.so
b2a5edf72d18251f16db6660ffeaf597  /mnt/media/monthly/20121127-220336/lib/libdl-2.15.so
Now /me wonders where to start / how to continue. FWIW I omploaded [/b]both the old http://ompldr.org/vZ2lkYg and the current file http://ompldr.org/vZ2lkYw here.

Update:
I made an
Code:
$ objdump -D /lib/libdl-2.15.so | nl -ba > current
$ objdump -D libdl-2.15.so | nl -ba > old
and found changed addresses :
Code:
$ egrep "^     7" old current
old    :     7  00000174 <.note.ABI-tag>:
current:     7  46b41174 <.note.ABI-tag>:
and a lot of diffs, starting at line line 325 :
Code:
current:   325  46b4157d:       25 b4 46 43 00          and    $0x4346b4,%eax
versus
Code:
old:   325       57d:   15 00 00 43 00          adc    $0x430000,%eax


Last edited by toralf on Sat Dec 01, 2012 7:50 pm; edited 7 times in total
Back to top
View user's profile Send private message
Etal
Veteran
Veteran


Joined: 15 Jul 2005
Posts: 1932
PostPosted: Sat Dec 01, 2012 5:01 am    Post subject: Reply with quote
I have the opposite: I emerged glibc in August, but the timestamp says libdl was last modified in May:
Code:
$ genlop glibc | tail -n 2
     Thu Aug  9 21:06:05 2012 >>> sys-libs/glibc-2.15-r2
$ ls -l /lib/libdl-2.15.so
-rwxr-xr-x 1 root root 14624 May 22  2012 /lib/libdl-2.15.so

_________________
“And even in authoritarian countries, information networks are helping people discover new facts and making governments more accountable.”– Hillary Clinton, Jan. 21, 2010
Back to top
View user's profile Send private message
Flameeyes
Retired Dev
Retired Dev


Joined: 30 Mar 2005
Posts: 189
Location: London, Europe
PostPosted: Sat Dec 01, 2012 7:07 pm    Post subject: Reply with quote
Let's start from the top. There are only three tools that can legitimately change an ELF file (okay maybe four but I'll go into that later): strip, chpax/paxctl, and prelink. The first is designed to remove debug information, and Portage already runs it on files before the livefs merge. The second (actually two tools, but one is the new one) is for hardened, and is not going to be deprecated in favour of using xattr marking, and the third is a way to try to reduce the overhead of running programs. For more information about the third I'll point you to my blog's tag as I've written quite enough on the subject.

In your case, the latter is what caused the change; if you compare the two files with a more simple 'readelf -S' instead of a full blown objdump, you can see that the new file has three new sections that are not present in the old one: .gnu.liblist .gnu.libstr and .gnu.prelink_undo. These three sections are where the extra space is coming from.

P.S.: the fourth tool I refer to above is chrpath, but that's only used to change the runtime search path for proprietary software, almost exclusively, so it really can't apply go glibc.
_________________
You want to know what I'm working on right now? Just follow my blog.
Back to top
View user's profile Send private message
toralf
Developer
Developer


Joined: 01 Feb 2004
Posts: 3943
Location: Hamburg
PostPosted: Sat Dec 01, 2012 7:50 pm    Post subject: Reply with quote
right - prelink is the reason.
Thx
Back to top
View user's profile Send private message
Display posts from previous:   
Reply to topic    Gentoo Forums Forum Index Kernel & Hardware All times are GMT
Page 1 of 1

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum



 Links: forums.gentoo.org | www.gentoo.org | bugs.gentoo.org | wiki.gentoo.org | forum-mods@gentoo.org

Copyright 2001-2025 Gentoo Foundation, Inc. Designed by Kyle Manna © 2003; Style derived from original subSilver theme. | Hosting by Gossamer Threads Inc. © | Powered by phpBB 2.0.23-gentoo-p11 © 2001, 2002 phpBB Group
Privacy Policy