ldd: make try_trace more robust and portable

It was noted in 2005 (BZ #832), 2006 (BZ #3266), and 2007 [1] that ldd
fails on shells other than Bash >= 3.0 because of the pipefail option
around try_trace (added on 2004-12-08).  EGLIBC was patched in 2008 [2]
(r6912) to make the pipefail check run only on shells that support it,
but RTLD output would still be lost on other shells with certain SELinux
policies.

This patch rewrites try_trace to work on any POSIX-conformant shell in
such a way as to also work with such SELinux policies.  It also obviates
one difference between glibc and EGLIBC.

URL: https://sourceware.org/ml/libc-alpha/2007-01/msg00041.html
URL: http://www.eglibc.org/archives/patches/msg00526.html

2013-09-11  P. J. McDermott  <pj@pehjota.net>

	[BZ #832]
	* elf/ldd.bash.in (try_trace): More robustly and portably work around
	SELinux terminal write permissions by using a command substitution
	instead of a pipeline and pipefail option.

diff --git a/ChangeLog b/ChangeLog
index 2c32f27..432c041 100644 (file)
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,9 @@
+2013-10-14  P. J. McDermott  <pj@pehjota.net>
+
+       [BZ #832]
+       * elf/ldd.bash.in (try_trace): New function.  Delete previous code
+       testing pipefail option.
+
 2013-10-12  Joseph Myers  <joseph@codesourcery.com>
 
        * soft-fp/double.h: Indent preprocessor directives inside #if.

diff --git a/NEWS b/NEWS
index f8f3dbb..b6afde0 100644 (file)
--- a/NEWS
+++ b/NEWS
@@ -9,13 +9,12 @@ Version 2.19
 
 * The following bugs are resolved with this release:
 
-  156, 431, 13982, 13985, 14155, 14547, 14699, 14910, 15048, 15362, 15400,
-  15427, 15522, 15531, 15532, 15608, 15609, 15610, 15632, 15640, 15680,
-  15681, 15723, 15734, 15735, 15736, 15748, 15749, 15754, 15760, 15764,
-  15797, 15844, 15847, 15849, 15855, 15856, 15857, 15859, 15867, 15886,
-  15887, 15890, 15892, 15893, 15895, 15897, 15905, 15909, 15919, 15921,
-  15887, 15890, 15892, 15893, 15895, 15897, 15905, 15909, 15919, 15921,
-  15923, 15939, 15963, 15966, 15988, 16032, 16034, 16036.
+  156, 431, 832, 13982, 13985, 14155, 14547, 14699, 14910, 15048, 15362,
+  15400, 15427, 15522, 15531, 15532, 15608, 15609, 15610, 15632, 15640,
+  15680, 15681, 15723, 15734, 15735, 15736, 15748, 15749, 15754, 15760,
+  15764, 15797, 15844, 15847, 15849, 15855, 15856, 15857, 15859, 15867,
+  15886, 15887, 15890, 15892, 15893, 15895, 15897, 15905, 15909, 15919,
+  15921, 15923, 15939, 15963, 15966, 15988, 16032, 16034, 16036.
 
 * CVE-2012-4412 The strcoll implementation caches indices and rules for
   large collation sequences to optimize multiple passes.  This cache

diff --git a/elf/ldd.bash.in b/elf/ldd.bash.in
index 39aeca2..c4a1a15 100644 (file)
--- a/elf/ldd.bash.in
+++ b/elf/ldd.bash.in
@@ -106,19 +106,18 @@ if test "$unused" = yes; then
   add_env="$add_env LD_DEBUG=\"$LD_DEBUG${LD_DEBUG:+,}unused\""
 fi
 
-# The following use of cat is needed to make ldd work in SELinux
-# environments where the executed program might not have permissions
-# to write to the console/tty.  But only bash 3.x supports the pipefail
-# option, and we don't bother to handle the case for older bash versions.
-if set -o pipefail 2> /dev/null; then
-  try_trace() {
-    eval $add_env '"$@"' | cat
-  }
-else
-  try_trace() {
-    eval $add_env '"$@"'
-  }
-fi
+# The following command substitution is needed to make ldd work in SELinux
+# environments where the RTLD might not have permission to write to the
+# terminal.  The extra "x" character prevents the shell from trimming trailing
+# newlines from command substitution results.  This function is defined as a
+# subshell compound list (using "(...)") to prevent parameter assignments from
+# affecting the calling shell execution environment.
+try_trace() (
+  output=$(eval $add_env '"$@"' 2>&1; rc=$?; printf 'x'; exit $rc)
+  rc=$?
+  printf '%s' "${output%x}"
+  return $rc
+)
 
 case $# in
 0)