Mailinglist Archive: opensuse (3251 mails)

< Previous Next >
Re: [opensuse] Compiling the Suse way
  • From: Dave Howorth <dhoworth@xxxxxxxxxxxxxxxxx>
  • Date: Fri, 06 Jun 2008 12:57:40 +0100
  • Message-id: <48492634.3010109@xxxxxxxxxxxxxxxxx>
Andreas Jaeger wrote:
Dave Howorth writes:
Andreas Jaeger wrote:
Philipp Thomas writes:
Checkinstall has been dropped from openSUSE because it doesn't work
anymore. Checkinstall's trick is to load a library via LD_PRELOAD that
redirects all functions dealing with files. Now for installing a package
you need to be root and for programs running with root privileges the
dynamic loader ignores LD_PRELOAD as this would otherwise be a huge
security problem.
The behaviour is: For programs being setuid root, LD_PRELOAD is ignored
- or more exactly:
/* The LD_PRELOAD environment variable gives list of libraries
separated by white space or colons that are loaded before the
executable's dependencies and prepended to the global scope
list. If the binary is running setuid all elements
containing a '/' are ignored since it is insecure. */
Reading this makes me confused. Am I right in thinking that LD_PRELOAD
still works and in particular the checkinstall application of it would
still work if either:

* the checkinstall is run by root directly and the executable is *not*
setuid?

Correct.

Looking at the checkinstall site, it seems the program is normally run
as root anyway - as Philipp also implies - so I'm still confused as to
why it has stopped working and therefore been removed?

* or, the special library that checkinstall loads is given using a
relative path rather than an absolute one?

No, the library needs to be in a system path, e.g. /usr/lib and
LD_PRELOAD contains only the name - not a single slash - in it.

Ah, OK. Now I see I misread your original statement. You wrote
'containing a /' but I saw 'starting with a /' :( Sorry.

Either of these seems like a very simple way to make checkinstall work,
so I suspect I'm misunderstanding something one of you has said :(

Note that I have no clue about checkinstall,

Nor me :)

Andreas

Thanks, Dave

PS I don't need a personal copy of your replies.
--
To unsubscribe, e-mail: opensuse+unsubscribe@xxxxxxxxxxxx
For additional commands, e-mail: opensuse+help@xxxxxxxxxxxx

< Previous Next >
Follow Ups