ports/120101: security/krb5 utilities link against wrong libcom_err

Garrett Wollman wollman at khavrinen.csail.mit.edu
Mon Jan 28 21:10:01 UTC 2008


>Number:         120101
>Category:       ports
>Synopsis:       security/krb5 utilities link against wrong libcom_err
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    freebsd-ports-bugs
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Mon Jan 28 21:10:00 UTC 2008
>Closed-Date:
>Last-Modified:
>Originator:     Garrett Wollman
>Release:        FreeBSD 6.2-RELEASE-p3 amd64
>Organization:
MIT
>Environment:
System: FreeBSD khavrinen.csail.mit.edu 6.2-RELEASE-p3 FreeBSD 6.2-RELEASE-p3 #3: Mon Apr 9 08:34:19 EDT 2007 root at khavrinen.csail.mit.edu:/usr/obj/usr/src/sys/KHAVRINEN amd64

>Description:

	krb5-1.6.3_4 builds both libraries and utilities.  Among the
	libraries included in the port is a version of the MIT Common
	Error library, libcom_err.  FreeBSD also includes this library
	as a part of the base system.  It is important that the MIT
	Kerberos utilities, and other applications using Kerberos,
	link against the correct version of libcom_err.  If they do
	not, or if they link against both com_err libraries, error
	messages will not be displayed correctly.

>How-To-Repeat:

	Install krb5-1.6.3_4.
$ kadmin
Authenticating as principal wollman/admin at MYREALM.EXAMPLE.ORG with password.
Password for wollman/admin at MYREALM.EXAMPLE.ORG: 
kadmin:  getprinc unknownprincipal
get_principal: Unknown error: 43787532 while retrieving "unknownprincipal at MYREALM.EXAMPLE.ORG".

$ ldd -av `type -p kadmin`
/usr/local/sbin/kadmin:
        libkadm5clnt.so => /usr/local/lib/libkadm5clnt.so (0x800641000)
        libgssrpc.so => /usr/local/lib/libgssrpc.so (0x800755000)
        libgssapi_krb5.so => /usr/local/lib/libgssapi_krb5.so (0x800870000)
        libkrb5.so => /usr/local/lib/libkrb5.so (0x8009a1000)
        libk5crypto.so => /usr/local/lib/libk5crypto.so (0x800b43000)
        libcom_err.so => /usr/lib/libcom_err.so (0x800c69000)
        libkrb5support.so => /usr/local/lib/libkrb5support.so (0x800d6b000)
        libc.so.6 => /lib/libc.so.6 (0x800e73000)
/usr/local/lib/libkadm5clnt.so:
        libgssrpc.so => /usr/local/lib/libgssrpc.so (0x800755000)
        libgssapi_krb5.so => /usr/local/lib/libgssapi_krb5.so (0x800870000)
        libkrb5.so => /usr/local/lib/libkrb5.so (0x8009a1000)
        libk5crypto.so => /usr/local/lib/libk5crypto.so (0x800b43000)
        libcom_err.so => /usr/local/lib/libcom_err.so (0x80108b000)
/usr/local/lib/libgssrpc.so:
        libgssapi_krb5.so => /usr/local/lib/libgssapi_krb5.so (0x800870000)
        libkrb5.so => /usr/local/lib/libkrb5.so (0x8009a1000)
        libk5crypto.so => /usr/local/lib/libk5crypto.so (0x800b43000)
        libcom_err.so => /usr/local/lib/libcom_err.so (0x80108b000)
/usr/local/lib/libgssapi_krb5.so:
        libkrb5.so => /usr/local/lib/libkrb5.so (0x8009a1000)
        libk5crypto.so => /usr/local/lib/libk5crypto.so (0x800b43000)
        libcom_err.so => /usr/local/lib/libcom_err.so (0x80108b000)
        libkrb5support.so => /usr/local/lib/libkrb5support.so (0x800d6b000)
/usr/local/lib/libkrb5.so:
        libk5crypto.so => /usr/local/lib/libk5crypto.so (0x800b43000)
        libcom_err.so => /usr/local/lib/libcom_err.so (0x80108b000)
        libkrb5support.so => /usr/local/lib/libkrb5support.so (0x800d6b000)
/usr/local/lib/libk5crypto.so:
        libkrb5support.so => /usr/local/lib/libkrb5support.so (0x800d6b000)
/usr/local/lib/libcom_err.so:
        libkrb5support.so => /usr/local/lib/libkrb5support.so (0x800d6b000)

Note how all of the Kerberos libraries are linked against the correct
version of libcom_err.so (the one installed in /usr/local/lib), but
kadmin itself links against the wrong one.

>Fix:

	Link the Kerberos utilities against the correct library.  By
	preference, also fix the lack of version numbering.  (I think
	this may be "intentional" on the part of the Kerberos
	developers as a result of someone not understanding how
	shared library versioning is supposed to work.)

	Workaround: remove /usr/lib/libcom_err.so.
>Release-Note:
>Audit-Trail:
>Unformatted:
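
The check done by eye in the ldd listing above can be automated. The following is an added example, not part of the original report or of the krb5 port: it reads `ldd -a` output and reports every library name that resolves to more than one path in the same dependency graph. The function names are hypothetical, and the sample input is abridged from the listing in the report.

```shell
#!/bin/sh
# Added example, not from the report: find libraries that resolve to more
# than one path anywhere in a program's dependency graph.

# Reads `ldd -a` output on stdin and prints, for every library name bound to
# two or more distinct paths, one line per binding: <name> <path> <requester>
find_split_libs() {
    awk '
        # Section header such as "/usr/local/sbin/kadmin:" names the object
        # whose direct dependencies are listed on the following lines.
        /^[^ \t].*:$/ { owner = substr($0, 1, length($0) - 1); next }
        # Dependency line: "libfoo.so => /path/to/libfoo.so (0x...)"
        $2 == "=>" && $3 ~ /^\// {
            key = $1 SUBSEP $3
            if (!(key in seen)) { seen[key] = 1; npaths[$1]++ }
            name[++n] = $1; path[n] = $3; req[n] = owner
        }
        END {
            for (i = 1; i <= n; i++)
                if (npaths[name[i]] > 1) print name[i], path[i], req[i]
        }
    '
}

# Sample input: abridged from the ldd output shown in the report.
sample_ldd_output() {
    cat <<'EOF'
/usr/local/sbin/kadmin:
        libkrb5.so => /usr/local/lib/libkrb5.so (0x8009a1000)
        libcom_err.so => /usr/lib/libcom_err.so (0x800c69000)
        libc.so.6 => /lib/libc.so.6 (0x800e73000)
/usr/local/lib/libkrb5.so:
        libk5crypto.so => /usr/local/lib/libk5crypto.so (0x800b43000)
        libcom_err.so => /usr/local/lib/libcom_err.so (0x80108b000)
EOF
}

# Report the conflicting bindings found in the sample.
sample_ldd_output | find_split_libs
```

On a live system the same function can be fed directly, for example `ldd -a /usr/local/sbin/kadmin | find_split_libs`; no output means every library name maps to a single path.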


