Bug 15475 - libbsd is injected into system applications
Summary: libbsd is injected into system applications
Status: NEW
Alias: None
Product: Samba 4.1 and newer
Classification: Unclassified
Component: Winbind (show other bugs)
Version: 4.19.0
Hardware: All All
: P5 normal (vote)
Target Milestone: ---
Assignee: Stefan Metzmacher
QA Contact: Samba QA Contact
URL: https://gitlab.com/samba-team/samba/-...
Keywords:
Depends on:
Blocks:
 
Reported: 2023-09-12 14:37 UTC by Stefan Metzmacher
Modified: 2023-09-15 04:26 UTC (History)
2 users (show)

See Also:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Stefan Metzmacher 2023-09-12 14:37:21 UTC 
This is similar to https://bugzilla.samba.org/show_bug.cgi?id=14780 (Private libraries are injected into system applications)

There we tried to hide our internal symbols from applications loading
our plugins (e.g. libnss_winbind.so.2 or pam_winbind.so)

If we find libbsd in the system we link our plugins against it
and inject the symbols from it into the application, as the
symbols in libbsd have very common names, there's a change to
generate symbol conflicts causing unexpected behavior.

So we better use our own replacement functions from lib/replace
for the plugins instead of using the ones from libbsd
as we most likely not really need them. Currently we only
seem to use strlcpy() and we have our own version of it...
Comment 1 Douglas Bagnall 2023-09-15 04:26:34 UTC 
strlcat() too, but that doesn't change the argument.