patchelf icon indicating copy to clipboard operation
patchelf copied to clipboard

Published 20 hours ago verified publisher icon NixOS

patchelf --remove-rpath leaves the rpath string the file

Open ghost opened this issue 2 years ago • 9 comments

Describe the bug

After running patchelf --remove-rpath on a shared library, readelf -a | grep $OLD_RPATH will show no matches. However the string has been left behind in the binary.

Steps To Reproduce

Please include exact steps with an attached binary so that another person can reproduce the problem.

patchelf --remove-rpath libgcc_s.so.1
readelf -a libgcc_s.so.1 | grep /nix/store/kvjzg
strings libgcc_s.so.1 | grep /nix/store/kvjzg
/nix/store/7rb10j6ifizp05pm2h51sjwiky5wnkb8-xgcc-11.3.0-lib/lib:/nix/store/kvjzg5xf51niicmw9fndxws1akgz21p4-bootstrap-stage0-glibc-bootstrap/lib:/nix/store/4b30jk1h42q5qs71l4sbv8cr3hnxdys4-bootstrap-tools/lib

Expected behavior

No output from the second command. Nix's reference scanner depends on this.

patchelf --version output

patchelf 0.15.0

libgcc_s.so.1.gz

Additional context

Add any other context about the problem here.

ghost avatar Jan 12 '23 07:01 ghost

Temporary workaround is patchelf --set-rpath ""

ghost avatar Jan 12 '23 07:01 ghost

Just now it only removes the dyn section: https://github.com/NixOS/patchelf/blob/5908e16cd562bcb1909be4de0409c4912a8afc52/src/patchelf.cc#L1400 it could also override the old string with XXX

Mic92 avatar Jan 12 '23 08:01 Mic92

Just now it only removes the dyn section:

https://github.com/NixOS/patchelf/blob/5908e16cd562bcb1909be4de0409c4912a8afc52/src/patchelf.cc#L1400

it could also override the old string with XXX

Isn't modifying the old value potentially dangerous? Is there anything that says multiple dyn entries can't refer to the same string in the table (or even the suffix of an existing string)?

jvolkman avatar Feb 02 '23 21:02 jvolkman

Isn't modifying the old value potentially dangerous? Is there anything that says multiple dyn entries can't refer to the same string in the table (or even the suffix of an existing string)?

Yikes. That is probably the case.

ghost avatar Feb 13 '23 12:02 ghost

Isn't modifying the old value potentially dangerous? Is there anything that says multiple dyn entries can't refer to the same string in the table (or even the suffix of an existing string)?

Yes, you are right. I forgot about this optimization...

Mic92 avatar Feb 19 '23 07:02 Mic92

Isn't this a problem for --set-rpath as well?

Right now --set-rpath "" blanks the rpath:

https://github.com/NixOS/patchelf/blob/e37f892b12ff900ab5e733f688548c87cd14ef02/src/patchelf.cc#L1566-L1570

ghost avatar Feb 23 '23 04:02 ghost

Isn't this a problem for --set-rpath as well?

I think it is. I am surprised it never got filed as an issue...

Mic92 avatar Feb 23 '23 20:02 Mic92

Isn't this a problem for --set-rpath as well?

I think it is. I am surprised it never got filed as an issue...

Perhaps https://github.com/NixOS/patchelf/issues/162 is such an issue.

eliasnaur avatar Mar 30 '23 15:03 eliasnaur

Perhaps #162 is such an issue.

Wow that looks highly likely to be the case.

ghost avatar Apr 06 '23 06:04 ghost