New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
build: Use -module for sudo_noexec.la #102
Conversation
Also please see this downstream issue: |
The problem is that modules and shared libraries are not the same on all platforms. In the case of macOS (darwin), you cannot use a module with the LD_PRELOAD equivalent, it has to be a shared library. This hack is really to work around a GNU libtool restriction that shared libraries begin with "lib". Do you know if slibtool has this restriction? My inclination is to just remove this restriction from the libtool bundled with sudo and use -module on non-macOS platforms. |
Yes, libraries must start with https://www.gnu.org/software/automake/manual/html_node/Libtool-Modules.html Perhaps on darwin it can be build as |
On Darwin, shared modules and shared libraries are not interchangable and since we preload sudo_noexec.so via DYLD_INSERT_LIBRARIES it must be a library, not a module. We must relax the requirement that libraries begin with a "lib" prefix to work around this difference. This does mean you must use sudo's libtool on Darwin (macOS) but that is already a requirement on other systems (notably HP-UX and SCO) due to a number of libtool patches we require that haven't be accepted upstream. This is a different fix for PR #102.
I'd like to keep the file name the same on both Darwin and other systems. I've committed changes to use -module on systems other than Darwin and relaxed the requirement that shared libraries begin with a "lib" prefix on sudo's bundled version of libtool. This does mean you must use sudo's version of libtool on Darwin but there are already patches present in sudo's libtool that haven't been committed upstream so this is not a new situation. |
With slibtool building
|
Since -module is now used to link sudo_noexec.la on all platforms except on Darwin I don't see why this is an issue for you. |
Sorry I was not clear, I added that mostly for reference. I think this would actually be a problem for anyone that is using darwin + slibtool, but you're right I would not be personally affected. Edit: For reference the relevant commit is: 2e49226 |
When building sudo with slibtool-0.5.34 or newer (https://dev.midipix.org/cross/slibtool) it will fail.
This is because of sudo contains a hack for darwin which builds
libsudo_noexec.la
and then manually edits and renames the file tosudo_noexec.la
instead of just compiling it with-module
. Additionally due to unrelated bug fixes slibtool exposed this issue in the recent0.5.34
release which now requires host information during install mode which will not be present with such a hack. Not to mention that manually editing and renaming.la
files is entirely non-portable and only works with GNU libtool because it is an inactive project which is far less permissive than slibtool.Unfortunately I do not have a darwin system to test, but if this is still a problem there I strongly suggest that a better solution is found on that platform.