[opensuse-packaging] Shared libraries are not executable
Hi, http://en.opensuse.org/Packaging/Shared_Libraries, in the Best Practices section, says "Shared libraries are not executable". We all agree with that? Doesn't really matters, I ask just because sometimes I have got patches submitted changed, because 99% of my /usr/lib files are executable and because ldd still gives this pretty warning: "ldd: warning: you do not have execution permission for `/usr/lib64/libxvidcore.so.4'". I'm not really sure about when, how or who wrote the Shared Library Naming and Packaging Policy... so, I should really follow the "Shared libraries are not executable" advice? -- To unsubscribe, e-mail: opensuse-packaging+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-packaging+help@opensuse.org
On Tue, May 26, Cristian Morales Vega wrote:
Hi,
http://en.opensuse.org/Packaging/Shared_Libraries, in the Best Practices section, says "Shared libraries are not executable".
Of course, shared libraries are executeable: You can call: kukuk@firun:~> /lib64/ld-linux-x86-64.so.2 /bin/ls Ok, that's not really a shared library ;) But sometimes you need this to supply commandline options to the dynamic loader. But: kukuk@firun:~> /lib64/libc.so.6 GNU C Library stable release version 2.9 (20081117), by Roland McGrath et al. Copyright (C) 2008 Free Software Foundation, Inc. This is free software; see the source for copying conditions. There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. Configured for x86_64-suse-linux. Compiled by GNU CC version 4.3.2 [gcc-4_3-branch revision 141291]. Compiled on a Linux 2.6.27 system on 2009-02-02. Available extensions: crypt add-on version 2.1 by Michael Glad and others GNU Libidn by Simon Josefsson Native POSIX Threads Library by Ulrich Drepper et al BIND-8.2.3-T5B For bug reporting instructions, please see: <http://www.gnu.org/software/libc/bugs.html>. -- Thorsten Kukuk, Project Manager/Release Manager SLES SUSE LINUX Products GmbH, Maxfeldstr. 5, D-90409 Nuernberg GF: Markus Rex, HRB 16746 (AG Nuernberg) -- To unsubscribe, e-mail: opensuse-packaging+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-packaging+help@opensuse.org
Hi, On Tue, 26 May 2009, Thorsten Kukuk wrote:
http://en.opensuse.org/Packaging/Shared_Libraries, in the Best Practices section, says "Shared libraries are not executable".
Of course, shared libraries are executeable.
Some can (and should) be, and indeed you have given the only two examples (ld-usb* and libpthread in addition, but that again is glibc). That's why that hint is in the "Best practice" sections, and not a policy. Because indeed, most shared libraries are _not_ executable, which should be reflected by their permissions. For being a shared lib they don't need to be marked 755. Regarding the warning of ldd: it simply is useless. Ciao, Michael. -- To unsubscribe, e-mail: opensuse-packaging+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-packaging+help@opensuse.org
On 5/26/2009 at 17:25, Michael Matz <matz@suse.de> wrote: Of course, shared libraries are executeable.
Some can (and should) be, and indeed you have given the only two examples (ld-usb* and libpthread in addition, but that again is glibc). That's why that hint is in the "Best practice" sections, and not a policy. Because indeed, most shared libraries are _not_ executable, which should be reflected by their permissions. For being a shared lib they don't need to be marked 755.
Wondering how much this policy (best practice) is applied on our distribution: # /usr/lib64> ls -lad lib* | grep "^[^l]rwx" | wc -l 1063 # /usr/lib64> ls -lad lib* | grep "^[^l]rw-" | wc -l 202 so I have 5x as many executable libs than others ;) Dominique -- To unsubscribe, e-mail: opensuse-packaging+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-packaging+help@opensuse.org
Hi, On Tue, 26 May 2009, Dominique Leuenberger wrote:
On 5/26/2009 at 17:25, Michael Matz <matz@suse.de> wrote: Of course, shared libraries are executeable.
Some can (and should) be, and indeed you have given the only two examples (ld-usb* and libpthread in addition, but that again is glibc). That's why that hint is in the "Best practice" sections, and not a policy. Because indeed, most shared libraries are _not_ executable, which should be reflected by their permissions. For being a shared lib they don't need to be marked 755.
Wondering how much this policy (best practice) is applied on our distribution:
Yep, that's a problem. We hoped by documenting this as best practice over time the distro will catch up :)
# /usr/lib64> ls -lad lib* | grep "^[^l]rwx" | wc -l 1063 # /usr/lib64> ls -lad lib* | grep "^[^l]rw-" | wc -l 202
... and it seems we slowly succeed. Some years ago nearly all shared libs were 755 ;) Ciao, Michael. -- To unsubscribe, e-mail: opensuse-packaging+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-packaging+help@opensuse.org
Le mardi 26 mai 2009, à 18:11 +0200, Michael Matz a écrit :
Hi,
On Tue, 26 May 2009, Dominique Leuenberger wrote:
On 5/26/2009 at 17:25, Michael Matz <matz@suse.de> wrote: Of course, shared libraries are executeable.
Some can (and should) be, and indeed you have given the only two examples (ld-usb* and libpthread in addition, but that again is glibc). That's why that hint is in the "Best practice" sections, and not a policy. Because indeed, most shared libraries are _not_ executable, which should be reflected by their permissions. For being a shared lib they don't need to be marked 755.
Wondering how much this policy (best practice) is applied on our distribution:
Yep, that's a problem. We hoped by documenting this as best practice over time the distro will catch up :)
# /usr/lib64> ls -lad lib* | grep "^[^l]rwx" | wc -l 1063 # /usr/lib64> ls -lad lib* | grep "^[^l]rw-" | wc -l 202
... and it seems we slowly succeed. Some years ago nearly all shared libs were 755 ;)
Isn't this something that should just get fixed upstream in some of the autotools? We'd then get the right thing for free in most packages. Vincent -- Les gens heureux ne sont pas pressés. -- To unsubscribe, e-mail: opensuse-packaging+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-packaging+help@opensuse.org
Dominique Leuenberger escribió:
Wondering how much this policy (best practice) is applied on our distribution: # /usr/lib64> ls -lad lib* | grep "^[^l]rwx" | wc -l 1063 # /usr/lib64> ls -lad lib* | grep "^[^l]rw-" | wc -l 202
ls -lad lib* | grep "^[^l]rw-" | wc -l 694 -- To unsubscribe, e-mail: opensuse-packaging+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-packaging+help@opensuse.org
Hi, On Tue, 26 May 2009, Cristian Rodríguez wrote:
Dominique Leuenberger escribió:
Wondering how much this policy (best practice) is applied on our distribution: # /usr/lib64> ls -lad lib* | grep "^[^l]rwx" | wc -l 1063 # /usr/lib64> ls -lad lib* | grep "^[^l]rw-" | wc -l 202
ls -lad lib* | grep "^[^l]rw-" | wc -l 694
Now, how many of those are *.a or *.la? :-) # ls -lad lib*.so* | grep "^[^l]rw-" | wc -l 40 Och :-) Ciao, Michael.
On 5/27/2009 at 11:53, Michael Matz <matz@suse.de> wrote: Now, how many of those are *.a or *.la? :-)
# ls -lad lib*.so* | grep "^[^l]rw-" | wc -l 40
Och :-)
Good one... I was to optimistic with my 200 :) ls -lad lib*.so.* | grep "^[^l]rw-" | wc -l (removing *.so themselfes) reduces my list to 33 :( 9 files non-executable are *.so files (interestingly enough, not links -rw-r--r-- 1 root root 253 2009-05-19 09:13 libc.so -rw-r--r-- 1 root root 19168 2009-02-21 00:45 libdvbapi.so -rw-r--r-- 1 root root 18664 2009-02-21 00:45 libdvbcfg.so -rw-r--r-- 1 root root 72280 2009-02-21 00:45 libdvben50221.so -rw-r--r-- 1 root root 29032 2009-02-21 00:45 libdvbsec.so -rw-r--r-- 1 root root 84544 2009-05-19 15:18 libelf-0.141.so -rw-r--r-- 1 root root 14440 2009-02-21 00:45 libesg.so -rw-r--r-- 1 root root 222 2009-05-19 09:13 libpthread.so -rw-r--r-- 1 root root 88720 2009-02-21 00:45 libucsi.so -- To unsubscribe, e-mail: opensuse-packaging+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-packaging+help@opensuse.org
On Wed, May 27, Dominique Leuenberger wrote:
9 files non-executable are *.so files (interestingly enough, not links -rw-r--r-- 1 root root 253 2009-05-19 09:13 libc.so
Yes, this are ld scripts: kukuk@firun:~> cat /usr/lib/libc.so /* GNU ld script Use the shared library, but some functions are only in the static library, so try that secondarily. */ OUTPUT_FORMAT(elf32-i386) GROUP ( /lib/libc.so.6 /usr/lib/libc_nonshared.a AS_NEEDED ( /lib/ld-linux.so.2 ) ) -- Thorsten Kukuk, Project Manager/Release Manager SLES SUSE LINUX Products GmbH, Maxfeldstr. 5, D-90409 Nuernberg GF: Markus Rex, HRB 16746 (AG Nuernberg) -- To unsubscribe, e-mail: opensuse-packaging+unsubscribe@opensuse.org For additional commands, e-mail: opensuse-packaging+help@opensuse.org
participants (6)
-
Cristian Morales Vega -
Cristian Rodríguez -
Dominique Leuenberger -
Michael Matz -
Thorsten Kukuk -
Vincent Untz