Opened 5 years ago

Closed 5 years ago

Last modified 5 years ago

#13062 closed defect (duplicate)

Specifying tor's libevent and openssl directories adds RPATH to resulting binary

Reported by: mikeperry Owned by: erinn
Priority: Medium Milestone:
Component: Applications/Tor bundles/installation Version:
Severity: Keywords: tbb-security, gitian, TorBrowserTeam201409
Cc: gk, nickm Actual Points:
Parent ID: Points:
Reviewer: Sponsor:

Description (last modified by mikeperry)

The configure script to Tor has arguments that allow the specification of a non-standard libevent and openssl (--with-libevent-dir=PATH and --with-openssl-dir=PATH). Unfortunately, these arguments also add -rpath to the linking step for these directories, which creates an RPATH entry in the resulting tor binary such that these directories become part of the library search path. For TBB, this results in creating the ability for code injection via creation of .so files in /home/ubuntu/install/, as reported by this troll^Wconcerned user:
https://blog.torproject.org/blog/tor-browser-365-and-40-alpha-2-are-released#comment-74540

I suppose we can set LIBRARY_PATH and C_INCLUDE_PATH prior to configure/make instead, which I think will just cause gcc to search these directories during build without emitting an RPATH for them.

Child Tickets

Change History (4)

comment:1 Changed 5 years ago by mikeperry

Description: modified (diff)

comment:2 Changed 5 years ago by mikeperry

Cc: nickm added
Description: modified (diff)
Summary: Specifying tor's libevent and openssl directories adds -L/RPATHSpecifying tor's libevent and openssl directories adds RPATH to resulting binary

comment:3 Changed 5 years ago by gk

Resolution: duplicate
Status: newclosed

objdump -x tor | grep RPATH does not show anything anymore since #9150 got fixed. Thus, closing this issue and calling it a duplicate.

comment:4 Changed 5 years ago by cypherpunks

cause gcc to search these directories during build without emitting an RPATH for them.

It was run-time issue of configure script not compile-time issue.

Configure script tries to build and play simple code to test if need any extra options. That options used if no system-wide library installed while user provided custom library by direct paths, those RPATH allowing to run resulting Tor at least.

Btw, while it's not Tor Browser builder problems anymore for now, it could be still some Tor bug in configure script if user tried to use very special custom library while standard system-wide library installed, then no RPATH emited and everything depends *PATHs VARS provided during run-time, those confusing about result. But RPATH is not good idea at all, so Tor's configure script need some fix for clear and anti-paranoid in general.

Note: See TracTickets for help on using tickets.