Gentoo Forums
Gentoo Forums
Gentoo Forums
Quick Search: in
[solved] unexpected changes in files under /lib
View unanswered posts
View posts from last 24 hours

 
Reply to topic    Gentoo Forums Forum Index Kernel & Hardware
View previous topic :: View next topic  
Author Message
toralf
Advocate
Advocate


Joined: 01 Feb 2004
Posts: 2693
Location: Hamburg/Germany

PostPosted: Fri Nov 30, 2012 5:53 pm    Post subject: [solved] unexpected changes in files under /lib Reply with quote

My daily backup (rsync) today brought this transfers into my eyes :
Code:
===================================
/lib

cd..t...... lib/
>f.s....... lib/ld-2.15.so
>f.s....... lib/libblkid.so.1.1.0
>f.s....... lib/libc-2.15.so
>f.s....... lib/libcrypt-2.15.so
...
which where partly unexpected. I checked one of those candidates file, it belongs to glibc :
Code:
$ equery b libdl-2.15.so                                                                                                                     
 * Searching for libdl-2.15.so ...                                                                                                                                   
sys-libs/glibc-2.15-r3 (/lib/libdl-2.15.so)     
and was emerged last time at :
Code:
$ genlop glibc | tail -n 2
     Sun Oct 21 17:38:34 2012 >>> sys-libs/glibc-2.15-r3
Now me wonders about these changes :
Code:
$ ls -l /mnt/media/daily/20121130-175932/lib/libdl-2.15.so /mnt/media/monthly/20121127-220336/lib/libdl-2.15.so
-rwxr-xr-x 1 root root 15692 Oct 21 17:37 /mnt/media/daily/20121130-175932/lib/libdl-2.15.so
-rwxr-xr-x 5 root root 13884 Oct 21 17:37 /mnt/media/monthly/20121127-220336/lib/libdl-2.15.so
which of course yields into diffs here too :
Code:
$ md5sum /mnt/media/daily/20121130-175932/lib/libdl-2.15.so /mnt/media/monthly/20121127-220336/lib/libdl-2.15.so
f707a31d68875fc74bc57a0046240967  /mnt/media/daily/20121130-175932/lib/libdl-2.15.so
b2a5edf72d18251f16db6660ffeaf597  /mnt/media/monthly/20121127-220336/lib/libdl-2.15.so
Now /me wonders where to start / how to continue. FWIW I omploaded [/b]both the old http://ompldr.org/vZ2lkYg and the current file http://ompldr.org/vZ2lkYw here.

Update:
I made an
Code:
$ objdump -D /lib/libdl-2.15.so | nl -ba > current
$ objdump -D libdl-2.15.so | nl -ba > old
and found changed addresses :
Code:
$ egrep "^     7" old current
old    :     7  00000174 <.note.ABI-tag>:
current:     7  46b41174 <.note.ABI-tag>:
and a lot of diffs, starting at line line 325 :
Code:
current:   325  46b4157d:       25 b4 46 43 00          and    $0x4346b4,%eax
versus
Code:
old:   325       57d:   15 00 00 43 00          adc    $0x430000,%eax


Last edited by toralf on Sat Dec 01, 2012 7:50 pm; edited 7 times in total
Back to top
View user's profile Send private message
Etal
Veteran
Veteran


Joined: 15 Jul 2005
Posts: 1641

PostPosted: Sat Dec 01, 2012 5:01 am    Post subject: Reply with quote

I have the opposite: I emerged glibc in August, but the timestamp says libdl was last modified in May:
Code:
$ genlop glibc | tail -n 2
     Thu Aug  9 21:06:05 2012 >>> sys-libs/glibc-2.15-r2
$ ls -l /lib/libdl-2.15.so
-rwxr-xr-x 1 root root 14624 May 22  2012 /lib/libdl-2.15.so

_________________
“And even in authoritarian countries, information networks are helping people discover new facts and making governments more accountable.”– Hillary Clinton, Jan. 21, 2010
Back to top
View user's profile Send private message
Flameeyes
Developer
Developer


Joined: 30 Mar 2005
Posts: 187
Location: Dublin, Ireland

PostPosted: Sat Dec 01, 2012 7:07 pm    Post subject: Reply with quote

Let's start from the top. There are only three tools that can legitimately change an ELF file (okay maybe four but I'll go into that later): strip, chpax/paxctl, and prelink. The first is designed to remove debug information, and Portage already runs it on files before the livefs merge. The second (actually two tools, but one is the new one) is for hardened, and is not going to be deprecated in favour of using xattr marking, and the third is a way to try to reduce the overhead of running programs. For more information about the third I'll point you to my blog's tag as I've written quite enough on the subject.

In your case, the latter is what caused the change; if you compare the two files with a more simple 'readelf -S' instead of a full blown objdump, you can see that the new file has three new sections that are not present in the old one: .gnu.liblist .gnu.libstr and .gnu.prelink_undo. These three sections are where the extra space is coming from.

P.S.: the fourth tool I refer to above is chrpath, but that's only used to change the runtime search path for proprietary software, almost exclusively, so it really can't apply go glibc.
_________________
You want to know what I'm working on right now? Just follow my blog.

Flattr me!
Back to top
View user's profile Send private message
toralf
Advocate
Advocate


Joined: 01 Feb 2004
Posts: 2693
Location: Hamburg/Germany

PostPosted: Sat Dec 01, 2012 7:50 pm    Post subject: Reply with quote

right - prelink is the reason.
Thx
Back to top
View user's profile Send private message
Display posts from previous:   
Reply to topic    Gentoo Forums Forum Index Kernel & Hardware All times are GMT
Page 1 of 1

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum