Date: Wed, 15 Dec 2004 16:13:29 -0800 From: Kris Kennaway <kris@obsecurity.org> To: "Andrew P." <infofarmer@mail.ru> Cc: Kris Kennaway <kris@obsecurity.org> Subject: Re: ld-elf.so.1: Shared object"libintl.so.6" not found Message-ID: <20041216001329.GA37679@xor.obsecurity.org> In-Reply-To: <41C0CC10.4020109@mail.ru> References: <20041215195403.GB68003@xor.obsecurity.org> <41C0A08E.7070801@mail.ru> <20041215214415.GB99588@xor.obsecurity.org> <41C0CC10.4020109@mail.ru>
next in thread | previous in thread | raw e-mail | index | archive | help
--azLHFNyN32YCQGCU
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable
On Thu, Dec 16, 2004 at 02:43:12AM +0300, Andrew P. wrote:
> echo "Starting ppp as \"${ppp_user}\""
> echo "JUST BEFORE - ${ppp_command}"
> su -m ${ppp_user} -c "exec ${ppp_command}"
> echo "JUST AFTER"
> Here I almost pressed the "Send" button in my Thunderbird, but
> oops. Back to the shell :-)
>=20
> # man su
> <...>A shell is then executed.<...>
>=20
> Yep, my default shell for root is bash.
>=20
> # ldd bash
> bash:
> libncurses.so.5 =3D> /usr/lib/libncurses.so.5 (0x280e0000)
> libintl.so.6 =3D> /usr/local/lib/libintl.so.6 (0x28121000)
> libc.so.4 =3D> /usr/lib/libc.so.4 (0x2812a000)
> libiconv.so.3 =3D> /usr/local/lib/libiconv.so.3 (0x281c3000)
>=20
> So apparently I have probably changed the default shell from csh
> to bash on both machines right after that portupgrade. I changed
> back to sh now - and the error is gone.
>=20
> The only question I have now is how come I've never read about this?
> I've read the Handbook and the Complete Freebsd and literally
> thousands of other pages concerning FreeBSD management. I have
> never seen a warning about changing the default shell for root.
> Or am I just too blind?..
Aha!
Well, it's good that we finally tracked this down. I'm not aware of
anywhere that mentions this caveat and could not find it in a quick
skim of the manpages and handbook, although it may still be there
somewhere. It is certainly part of the UNIX lore that the root shell
should be one that is self-contained in the root filesystem (typically
this means /bin/sh or /bin/csh). The standard thing to do if you want
to use another shell is to use the toor account, which is an alternate
root account that is provided for this kind of thing. This leaves
root available for emergency use (single-user mode), and (it turns
out) for running scripts with 'su' during the early boot phase.
What I recommend is that you open a doc PR requesting that this be
documented somewhere, so that future generations don't run into this
problem as well.
Kris
--azLHFNyN32YCQGCU
Content-Type: application/pgp-signature
Content-Disposition: inline
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.6 (FreeBSD)
iD8DBQFBwNMpWry0BWjoQKURAvT4AKCTaJbeqyaZi5d0Rlti4niNQrdCYgCfYZfD
GoQnOQGdDw2ENqbfc6OFGeA=
=t4gt
-----END PGP SIGNATURE-----
--azLHFNyN32YCQGCU--
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20041216001329.GA37679>