Re: WARNING - Seriously damage vulnerability for _desktop_ users, be careful.

[YONETANI Tomokazu <qhwt+dfly@xxxxxxxxxx>]

On Mon, Feb 07, 2005 at 09:00:25AM +0100, Bartek Stalewski wrote:
> I have DragonFly on my workstation computer. I'm using firefox with 
> flash via linuxpluginwrapper.

Ugh, sorry about that, I completely forgot about removing stale patch.

> Going forward instructions from the port, I have always patched 
> /usr/src/libexec/rtld-so, after building world.
> 
> Today, as usual, after world I've patched sources, and made 'make 
> install clean'. Unfortunatelly, actual sources of rtld-so are not 
> supporting changes from libmap's diff, required for flash. So, the 
> effect was simple - ld-elf.so.1 has been broken ;-) ALL SYSTEM was 
> totally broken.

Hmm, `make install clean' is a dangerous command, your system may be
left broken without a clue :)

> I was able to recover it (mouting filesystem from LiveCD, chflags, and 
> move backuped ld-elf.so.1.old to /usr/libexec).

/bin/mv and /usr/bin/chflags are both statically linked, so
I expect that they worked for you(unless you wanted to read the man page).

> Of course, the fault was on my side - after reading @commits I should 
> know, that rtld-so has changed.

I expect that both patch and build of rtld-elf failed. When I tested it,
the patch failed because of a conflict in Makefile(echo $? after patch
gives you `1'), and build fails because of some missing symbols.

> But, I want to warn all desktop users, working with flash - the plugin 
> is currently broken, and better DON'T try to use it, because You all 
> could end like me ;-))

Thanks for the warning. I think that a workaround with LD_LIBRARY_PATH
is still usable, if not perfect, until our native support for name space
translation is implemented in rtld.