hey, On 27/05/2010 Bastian Blank wrote: > On Thu, May 27, 2010 at 04:00:59PM +0200, Jonas Meurer wrote: > > cryptsetup staticly links against libdevmapper, > > This is not allowed under normal circumstances. Does the security team > know about? > > > as the library is > > located in /usr/lib, and cryptsetup needs to be invoked before /usr is > > mounted. please either bring brack the static library, or move the > > dynamic library to /lib. > > Please show evidence for this behaviour. Both lvm2 and dmsetup uses this > library and works fine without /usr available and all the versions I > know have the lib in /lib. > > Closing as no bug.
sorry, you're right. cryptsetup doesn't even link staticly against devmapper libraries, it only does so for libgcrypt and libgpg-error. security team is aware of that. but still the most recent update of libdevmapper broke cryptsetup build. see the build logs at https://buildd.debian.org/pkg.cgi?pkg=cryptsetup: make[3]: Entering directory `/build/buildd-cryptsetup_1.1.1-1-i386-X7Uy0C/cryptsetup-1.1.1/src' gcc -DHAVE_CONFIG_H -I. -I.. -I.. -I../lib -DDATADIR=\""/usr/share"\" -DLOCALEDIR=\""/usr/share/locale"\" -DLIBDIR=\""/usr/lib"\" -DPREFIX=\""/usr"\" -DSYSCONFDIR=\""/usr/etc"\" -DVERSION=\""1.1.1"\" -D_GNU_SOURCE -Wall -Wall -g -O2 -MT cryptsetup-cryptsetup.o -MD -MP -MF .deps/cryptsetup-cryptsetup.Tpo -c -o cryptsetup-cryptsetup.o `test -f 'cryptsetup.c' || echo './'`cryptsetup.c mv -f .deps/cryptsetup-cryptsetup.Tpo .deps/cryptsetup-cryptsetup.Po /bin/sh ../libtool --tag=CC --mode=link gcc -Wall -Wall -g -O2 -all-static -o cryptsetup cryptsetup-cryptsetup.o ../lib/libcryptsetup.la -lgcrypt -lgpg-error -lselinux -lsepol -lpopt libtool: link: gcc -Wall -Wall -g -O2 -static -o cryptsetup cryptsetup-cryptsetup.o ../lib/.libs/libcryptsetup.a -luuid -L/lib -ldevmapper -lpthread /usr/lib/libgcrypt.a /usr/lib/libgpg-error.a -lselinux -lsepol /usr/lib/libpopt.a /usr/bin/ld: cannot find -ldevmapper collect2: ld returned 1 exit status make[3]: *** [cryptsetup] Error 1 make[3]: Leaving directory `/build/buildd-cryptsetup_1.1.1-1-i386-X7Uy0C/cryptsetup-1.1.1/src' make[2]: *** [all-recursive] Error 1 make[2]: Leaving directory `/build/buildd-cryptsetup_1.1.1-1-i386-X7Uy0C/cryptsetup-1.1.1' make[1]: *** [all] Error 2 make[1]: Leaving directory `/build/buildd-cryptsetup_1.1.1-1-i386-X7Uy0C/cryptsetup-1.1.1' make: *** [build-stamp] Error 2 dpkg-buildpackage: error: debian/rules build gave error exit status 2 i can reproduce this bug with libdevmapper-dev 2:1.02.47-1. greetings, jonas
signature.asc
Description: Digital signature
