Date: Sun, 28 May 2017 04:17:43 +0000 From: bugzilla-noreply@freebsd.org To: freebsd-bugs@FreeBSD.org Subject: [Bug 219606] aarch64: libarchive.so.6 not present, libarchive.so not equivalent @ 318898 Message-ID: <bug-219606-8@https.bugs.freebsd.org/bugzilla/>
next in thread | raw e-mail | index | archive | help
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D219606 Bug ID: 219606 Summary: aarch64: libarchive.so.6 not present, libarchive.so not equivalent @ 318898 Product: Base System Version: CURRENT Hardware: arm64 OS: Any Status: New Severity: Affects Many People Priority: --- Component: bin Assignee: freebsd-bugs@FreeBSD.org Reporter: prj@rootwyrm.com This appears to be an ino64 related issue. /usr/lib/libarchive.so.6 is miss= ing on RaspBSD builds @ 318898. This would not be a big deal but /usr/lib/libarchive.so is NOT equivalent. This causes unexpected breakage on arm64-aarch64, even with COMPAT_FREEBSD11 in the kernel. (I'm still in the process of validating this, but brd@ can probably confirm if GENERIC aligns before my RPi3 builds kernel.)=20 This causes the recommended use of 'ABI =3D "FreeBSD:11:aarch64";' in pkg.c= onf to introduce explicitly dangerous breakage for incautious users. Specifically, permissions are incorrect and may result in sensitive files being set world-writable. Here is a demonstration using an 11.0-RELEASE built shells/bash (for maximum "oh, this really IS that bad") installed with pkg and built on 11.0-RELEASE arm64-aarch64. root@skyhorn:~ # ls -l /usr/lib/libarchive.so* lrwxr-xr-x 1 root wheel 15 May 25 17:08 /usr/lib/libarchive.so -> libarchive.so.7 lrwxr-xr-x 1 root wheel 22 May 27 22:14 /usr/lib/libarchive.so.6 -> /usr/lib/libarchive.so -r--r--r-- 1 root wheel 804776 May 25 17:08 /usr/lib/libarchive.so.7 root@skyhorn:~ # ls -l /usr/local/bin/bash ---xr---w- 1 root wheel 956472 Dec 31 1969 /usr/local/bin/bash Yes. That is a *world-writable* bash. Breakage persists if libarchive.so.6 = is a symlink to libarchive.so.7 - so it's not shimming. root@skyhorn:~ # ls -al /usr/local/bin/bash ------x--x 1 root wheel 956472 Dec 31 1969 /usr/local/bin/bash So attributes are still very wrong. This behavior is not fully predictable and impacts *all* ports. Meaning, any file in any port could be left world-writable. Inflicting this behavior is trivial and no warnings are produced, so some form of protection is despera= tely needed. --=20 You are receiving this mail because: You are the assignee for the bug.=
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?bug-219606-8>