Debian Bug report logs - #643967
prelink -u fails on some binaries; this breaks debsums

version graph

Package: prelink; Maintainer for prelink is Geoffrey Thomas <gthomas@mokafive.com>; Source for prelink is src:prelink.

Reported by: sacrificial-spam-address@horizon.com

Date: Sat, 1 Oct 2011 10:15:01 UTC

Severity: important

Found in version 0.0.20090925-1

Reply or subscribe to this bug.

Toggle useless messages

View this report as an mbox folder, status mbox, maintainer mbox


Report forwarded to debian-bugs-dist@lists.debian.org, Andrés Roldán <aroldan@debian.org>:
Bug#643967; Package prelink. (Sat, 01 Oct 2011 10:15:04 GMT) Full text and rfc822 format available.

Acknowledgement sent to sacrificial-spam-address@horizon.com:
New Bug report received and forwarded. Copy sent to Andrés Roldán <aroldan@debian.org>. (Sat, 01 Oct 2011 10:15:43 GMT) Full text and rfc822 format available.

Message #5 received at submit@bugs.debian.org (full text, mbox):

From: sacrificial-spam-address@horizon.com
To: submit@bugs.debian.org
Cc: sacrificial-spam-address@horizon.com
Subject: prelink -u fails on some binaries; this breaks debsums
Date: 1 Oct 2011 06:12:17 -0400
Package: prelink
Version: 0.0.20090925-1
Severity: serious

On i386, consider the following series of commands:
# dpkg -i psmisc_22.14-1_i386.deb
(snipped)
#  /usr/sbin/prelink -y --md5 /usr/bin/pstree
bb296a950a089ec8a837a1c97b47eeb9  /usr/bin/pstree
#  /usr/sbin/prelink -mR -T /usr/bin/pstree
#  /usr/sbin/prelink -y --md5 /usr/bin/pstree
prelink: Could not write temporary for /usr/bin/pstree: Layout error: overlapping sections

The problem also happens with:
5d81333c2cf40ddee6d18139b01afd4b  /usr/bin/peekfd
prelink: Could not write temporary for /usr/bin/peekfd: Layout error: overlapping sections
95ae7ca0bc1685de6f84046ffff9efee  /usr/bin/killall
prelink: Could not write temporary for /usr/bin/killall: Layout error: overlapping sections
ffc1b9a380a7afb6fdf32f9cd5b3c7d0  /bin/fuser
prelink: Could not write temporary for /bin/fuser: Layout error: overlapping sections

The same error crops uo when attempting any sort of "undo" operation.

This breaks debsums runs, which is a pretty serious security problem.




Information forwarded to debian-bugs-dist@lists.debian.org, Andrés Roldán <aroldan@debian.org>:
Bug#643967; Package prelink. (Thu, 08 Dec 2011 21:30:03 GMT) Full text and rfc822 format available.

Acknowledgement sent to A Mennucc <debdev@mennucci.sns.it>:
Extra info received and forwarded to list. Copy sent to Andrés Roldán <aroldan@debian.org>. (Thu, 08 Dec 2011 21:30:04 GMT) Full text and rfc822 format available.

Message #10 received at 643967@bugs.debian.org (full text, mbox):

From: A Mennucc <debdev@mennucci.sns.it>
To: 643967@bugs.debian.org
Subject: debdelta as well is affected
Date: Thu, 8 Dec 2011 22:26:42 +0100
hi,

'debdelta-upgrade' uses 'prelink -u' in ssytems where prelink is used,
to recover the original version of the file; so this bug is
affecting it as well; please give it a look

a.


-- 
Andrea Mennucc
 "E' un mondo difficile. Che vita intensa!" (Tonino Carotone)




Information forwarded to debian-bugs-dist@lists.debian.org, Debian QA Group <packages@qa.debian.org>:
Bug#643967; Package prelink. (Sun, 10 Jun 2012 20:39:07 GMT) Full text and rfc822 format available.

Acknowledgement sent to Michael Gilbert <mgilbert@debian.org>:
Extra info received and forwarded to list. Copy sent to Debian QA Group <packages@qa.debian.org>. (Sun, 10 Jun 2012 20:39:07 GMT) Full text and rfc822 format available.

Message #15 received at 643967@bugs.debian.org (full text, mbox):

From: Michael Gilbert <mgilbert@debian.org>
To: control <control@bugs.debian.org>, 643967@bugs.debian.org
Subject: re: prelink -u fails on some binaries; this breaks debsums
Date: Sun, 10 Jun 2012 16:35:58 -0400
severity 643967 important
tag 643967 -security
thanks

This problem should not be considered a security issue.  Anyone
utilizing prelink should be aware of the fact that it changes
binaries, and there is the possibility that those changes aren't
reversible; leading to differing checksums in tools like debsums.  The
appropriate course of action for one so concerned is to completely
avoid prelink until it is 100% reliably reversible.

Best wishes,
Mike




Severity set to 'important' from 'serious' Request was from Michael Gilbert <mgilbert@debian.org> to control@bugs.debian.org. (Sun, 10 Jun 2012 20:39:24 GMT) Full text and rfc822 format available.

Send a report that this bug log contains spam.


Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Thu Apr 17 18:57:04 2014; Machine Name: beach.debian.org

Debian Bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.