From Fedora Project Wiki
Line 63: Line 63:
 
<!-- Summarize the feedback from the community and address why you chose not to accept proposed alternatives. This section is optional for all change proposals but is strongly suggested. Incorporating feedback here as it is raised gives FESCo a clearer view of your proposal and leaves a good record for the future. If you get no feedback, that is useful to note in this section as well. For innovative or possibly controversial ideas, consider collecting feedback before you file the change proposal. -->
 
<!-- Summarize the feedback from the community and address why you chose not to accept proposed alternatives. This section is optional for all change proposals but is strongly suggested. Incorporating feedback here as it is raised gives FESCo a clearer view of your proposal and leaves a good record for the future. If you get no feedback, that is useful to note in this section as well. For innovative or possibly controversial ideas, consider collecting feedback before you file the change proposal. -->
  
The change has been proposed a long time ago through FPC [0] and the general consensus is that it needs to be done, along with an overhaul of the Fedora documentation in regards to RPATH.
+
The change [https://pagure.io/packaging-committee/issue/886 has been proposed] a long time ago through FPC and the general consensus is that it needs to be done, along with an overhaul of the Fedora documentation in regards to RPATH.
  
An email was also sent on Fedora devel regarding this change [1].
+
An [https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org/thread/7ZKGVM4XJ7QFRFZXTSGUT4K2MPDVV2XY/#W7LXPX4SIB57DDXXI4PQNKCFSOQMOL4S email thread] was also started on Fedora devel regarding this change.
  
There have been multiple requests in the past to enable that check as well. [2]
+
There have been multiple requests in the past to enable that check, as well as various attempts to remove RPATH's from packages in the distro. [https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org/thread/WD6JWMDIORBYNL4C5UHOJQGDR3N7HZY3/#LB63Q2HSLPWRMR7UQVQOYVVTG346TDRZ 0] [https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org/thread/A5X7ENAITWTVZASJBLCXS5MXQ7BE2RS6/#A5X7ENAITWTVZASJBLCXS5MXQ7BE2RS6 1][https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org/message/YJUWD2K32CZAGCDYOAJH2ISA2WF5AMGW/ 2][https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org/message/2GITTEQ7SC5T656AXQ3OHKDG4SLINXB6/ 3]
 
 
[0] https://pagure.io/packaging-committee/issue/886
 
[1] https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org/thread/7ZKGVM4XJ7QFRFZXTSGUT4K2MPDVV2XY/#W7LXPX4SIB57DDXXI4PQNKCFSOQMOL4S
 
[2] https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org/thread/WD6JWMDIORBYNL4C5UHOJQGDR3N7HZY3/#LB63Q2HSLPWRMR7UQVQOYVVTG346TDRZ
 
[3] https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org/thread/A5X7ENAITWTVZASJBLCXS5MXQ7BE2RS6/#A5X7ENAITWTVZASJBLCXS5MXQ7BE2RS6
 
[4] https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org/thread/YJUWD2K32CZAGCDYOAJH2ISA2WF5AMGW/#ORK6J2T4PEYDCNA44HLEONFTXI2A6TFC
 
[5] https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org/thread/2GITTEQ7SC5T656AXQ3OHKDG4SLINXB6/#NT3W4PYENFF3FPWDOTJ2UNOGVLZA4DHV
 
  
 
== Benefit to Fedora ==
 
== Benefit to Fedora ==

Revision as of 15:12, 3 May 2021


Change Proposal Name

Enable RPATH detection during rpmbuild.

Summary

Enable RPATH detection during rpmbuild. This will make the build fail in the case a hard-coded RPATH was detected within a binary or a shared library file.

Owner


Current status

  • Targeted release: Fedora Linux 35
  • Last updated: 2021-05-03
  • FESCo issue: <will be assigned by the Wrangler>
  • Tracker bug: <will be assigned by the Wrangler>
  • Release notes tracker: <will be assigned by the Wrangler>

Detailed Description

The dynamic linker and loader (ld.so) is responsible for resolving runtime dependencies of executables and shared library files through a search hierarchy. However some packages (usually through their upstream buildsystems) contain a hard-coded path within their binaries or .so files, by using the -R or -rpath flag during compilation, which is referred to as RPATH. By utilizing RPATH, ELF files can point to directories to be included in the search path, on runtime, to resolve their dependencies.

While RPATH can be used for non-standard directories, such as a place containing private libraries of the project, when it points to a value already provided by the search path of ld.so it changes the hierarchy of the search, by placing the system defaults first.

(a) DT_RPATH -> (b) LD_LIBRARY_PATH -> (c) DT_RUNPATH -> (d) cache (/etc/ld.so.cache) -> (e) system defaults

This could present a variety of issues, such as LD_LIBRARY_PATH overrides not working, incomplete dependency resolution, loading of wrong libraries etc. In general changing the default search hierarchy could lead to unforeseen bugs and issues (In a similar manner as as adding /usr/lib64 to LD_LIBRARY_PATH).

Another problem of a hardcoded RPATH is security. When an ELF object contains an RPATH pointed to a directory not managed by the system, where some malicious actor has write permissions to, it's relatively easy to execute arbitrary code.

Performance can be affected as well, since probing explicitly e.g. /usr/lib64 through RPATH adds extra open/openat system calls to the process startup.

In Fedora the use of RPATH is forbidden, but it was never enforced. This change intends to ratify that by running /usr/lib/rpm/check-rpaths during rpmbuild, after %install, and fail the build if an RPATH entry was detected.

Feedback

The change has been proposed a long time ago through FPC and the general consensus is that it needs to be done, along with an overhaul of the Fedora documentation in regards to RPATH.

An email thread was also started on Fedora devel regarding this change.

There have been multiple requests in the past to enable that check, as well as various attempts to remove RPATH's from packages in the distro. 0 123

Benefit to Fedora

Improved performance, security, compliance with the guidelines, reducing of RPATH related bugs.


Scope

  • Proposal owners:

Merge the PR to redhat-rpm-config [PR link] to enable running of the check-rpaths script after %install.

  • Other developers:

Fix the affected packages List of packages

audiofile binutils esc ettercap freeradius fortune-mod fcl eb conky-manager condor community-mysql czmq cfitsio compat-guile18 glib2 gnokii koffice-kivio kicad jq komparator k3guitune laszip levmar hdf gpick kdepim3 gpgme Io-language kdegames3 gupnp-dlna kdebase3 libcommuni lutok libburn libminc libisoburn liboping librfid mingw-qt5-qtdeclarative libkkc openjade libdxfrw libosip2 libeXosip2 NLopt libprelude mingw-qt5-qt3d mod_wsgi libXcm ncview libdkimpp mingw-qt5-qttools mcpp mingw-qt5-qtbase mongo-c-driver nightview openscap plotmm pam_yubico perl-SDL pinentry pam_mount rb_libtorrent rrdtool rarian qwtpolar qucs scipy tracker SDL_image sofia-sip scap-workbench woff2 xeus yaz stp suitesparse sqlite2 vanessa_logger xbsql tracker-miners WindowMaker xmms sylfilter verbiste zvbi xdotool texlive-base zinnia

  • Policies and guidelines: N/A (not needed for this Change)

Guidelines need to change, link to PR

  • Trademark approval: N/A (not needed for this Change)
  • Alignment with Objectives:

Upgrade/compatibility impact

How To Test

Copr repo Local changes


User Experience

Packagers will have

Dependencies

Merge the PR to redhat-rpm-config

Contingency Plan

  • Contingency mechanism: (What to do? Who will do it?) N/A (not a System Wide Change)
  • Contingency deadline: N/A (not a System Wide Change)
  • Blocks release? N/A (not a System Wide Change), Yes/No

Revert the change

Documentation

N/A (not a System Wide Change)

Release Notes