Bug 11666 - Symbols from private libraries accessible by external users
Symbols from private libraries accessible by external users
Status: NEW
Product: Samba 4.1 and newer
Classification: Unclassified
Component: Build
unspecified
All All
: P5 major
: ---
Assigned To: Samba QA Contact
Samba QA Contact
:
Depends on:
Blocks:
  Show dependency treegraph
 
Reported: 2016-01-09 20:46 UTC by Jelmer Vernooij
Modified: 2016-01-28 01:04 UTC (History)
4 users (show)

See Also:


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Jelmer Vernooij 2016-01-09 20:46:27 UTC
Symbols in private libraries have recently (?) started being accessible by external users. This makes the distinction between private and public libraries pointless.
Comment 1 Thomas Nagy 2016-01-10 03:03:55 UTC
I had a quick chat with Jelmer, and it seems the issue has been present for the last 6 months at least (not 4.1 as the title says).

An example of the issue is "if you link against just -lsamba-util, it shouldn't expose the symbols in e.g. samba-debug".

I do not have sufficient knowledge of the samba build to help though, so I would need a testcase or some information to be able to pinpoint the revision(s) :-(
Comment 2 Stefan Metzmacher 2016-01-11 08:19:54 UTC
(In reply to Jelmer Vernooij from comment #0)

The private libraries are just normal shared libraries, which need expose
functions symbols.

As libsamba-util.so links against private/libsamba-debug-samba4.so
an binary that links against libsamba-util.so see the symbols of 
private/libsamba-debug-samba4.so at runtime. I can't think of a way
to avoid that. If the binary is linking with -lsamba-util only
and sees the symbols of private/libsamba-debug-samba4.so at link time,
I guess the linker flags used for that binary are the problem.
Maybe it's related to --add-needed/--copy-dt-needed-entries.

Do you have an example program that shows the problem.
Please also use nm and grep ' T ' to verify which symbols are exposed
by which library.
Comment 3 Jelmer Vernooij 2016-01-28 01:04:56 UTC
Yeah, I think --no-add-needed would help.

Some linkers (e.g. ld.gold) enable --no-add-needed by default. I'm guessing I'm building with a different linker now, so perhaps this is not a regression but a change in my environment.