build: bundle-libraries.sh: patch bundled ld.so
authorJo-Philipp Wich <jo@mein.io>
Thu, 25 Jan 2018 16:12:29 +0000 (17:12 +0100)
committerJo-Philipp Wich <jo@mein.io>
Fri, 2 Feb 2018 12:59:34 +0000 (13:59 +0100)
Remove references to /etc/, /lib/ and /usr/ from the bundled ld.so
interpreter using simple binary patching.

This is needed to prevent loading host system libraries such as
libnss_compat.so.2 on foreign systems, which may result in ld.so
inconsistency assertions.

Signed-off-by: Jo-Philipp Wich <jo@mein.io>
scripts/bundle-libraries.sh

index f254d4d..bfe681a 100755 (executable)
@@ -97,6 +97,18 @@ _runas_so() {
        }
 }
 
+_patch_ldso() {
+       _cp "$1" "$1.patched"
+       sed -i -e 's,/\(usr\|lib\|etc\)/,/###/,g' "$1.patched"
+
+       if "$1.patched" 2>&1 | grep -q -- --library-path; then
+               _mv "$1.patched" "$1"
+       else
+               echo "binary patched ${1##*/} not executable, using original" >&2
+               rm -f "$1.patched"
+       fi
+}
+
 for LDD in ${PATH//://ldd }/ldd; do
        "$LDD" --version >/dev/null 2>/dev/null && break
        LDD=""
@@ -135,6 +147,7 @@ for BIN in "$@"; do
                                [ -f "$token" -a ! -f "$dest" ] && {
                                        _md "$ddir"
                                        _cp "$token" "$dest"
+                                       [ -n "$LDSO" ] && _patch_ldso "$dest"
                                }
                        ;; esac
                done