From: Hank Leininger (linux-security-auditprogressive-comp.com)
Date: Sat Feb 24 2001 - 14:10:13 CST

    On 2001-02-23, Solar Designer <solaropenwall.com> wrote:

    > On Fri, Feb 23, 2001 at 03:05:07PM +0200, Jarno Huuskonen wrote:

    > > (I have statically linked ntpd and the chroot dir has /dev/null,
    > > /etc/resolv.conf, /etc/nsswitch.conf and /etc/host.conf).

    > > Can somebody give any pointers why gethostbyname might be failing
    > > (it works fine w/out the chroot).

    > If this is glibc-2.1+, then its NSS uses dynamic linking even when
    > you statically-link the binary against libc. You probably need to
    > copy /lib/libnss_dns{-2.*.so,.so.2} into the chroot jail as well.

    Yup (actually I thought glibc-2.0.x had the same issue). Issues I've had
    with that are, libnss_*.so themselves apparently want to find a
    dynamically-linked libc.so available, so just putting them in the jail with
    a statically linked binary may still not work until you copy libc over
    too... :(

    Or, you can rebuild glibc with --enable-static-nss then you will have
    libnss_*.a files (as well as the .so's) so that they can be statically
    linked in when building a static binary. Unfortunately I don't know of any
    distros which do this (I believe the Slackware folks are or will be
    shipping libnss*.a in slackware-current, but not in a release version yet).
    Hrm, Solar something for Openwall? :-P

    --
    Hank Leininger <hleinprogressive-comp.com>
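
A check for the situation discussed in this thread, as an added example that is not part of the original message: it reads the jail's `etc/nsswitch.conf` and prints every `libnss_<service>.so.2` named on its `hosts:` line, plus the shared libc, that is absent from the jail. The function names, the directories searched and the `libc.so.6` file name are assumptions of this example.

```shell
#!/bin/sh
# Added example: report which NSS modules a chroot jail still lacks for
# host lookups. Assumes glibc's libnss_<service>.so.2 naming and that the
# jail keeps libraries in lib, lib64, usr/lib or usr/lib64.

# Print the services on the "hosts:" line of JAIL/etc/nsswitch.conf, one
# per line, with comments and [STATUS=action] items removed.
nss_host_services() {
    conf="$1/etc/nsswitch.conf"
    [ -r "$conf" ] || return 1
    sed -n -e 's/#.*//' -e 's/\[[^]]*\]//g' \
        -e 's/^[[:space:]]*hosts:[[:space:]]*//p' "$conf" |
        tr -s ' \t' '\n\n' | sed '/^$/d'
}

# Succeed if FILE exists in any of the jail's library directories.
jail_has_lib() {
    for dir in lib lib64 usr/lib usr/lib64; do
        if [ -e "$1/$dir/$2" ]; then return 0; fi
    done
    return 1
}

# Print each missing file name; return 0 if nothing is missing, 1 if
# something is, 2 if the jail has no readable nsswitch.conf.
missing_nss_modules() {
    jail="$1"
    services=$(nss_host_services "$jail") || return 2
    rc=0
    for svc in $services; do
        if ! jail_has_lib "$jail" "libnss_$svc.so.2"; then
            echo "libnss_$svc.so.2"; rc=1
        fi
    done
    # The modules are shared objects and want a dynamic libc beside them,
    # even when the jailed binary itself is statically linked.
    if [ -n "$services" ] && ! jail_has_lib "$jail" "libc.so.6"; then
        echo "libc.so.6"; rc=1
    fi
    return $rc
}

# Usage: sh thisfile JAIL_DIRECTORY
if [ $# -ge 1 ]; then missing_nss_modules "$1"; fi
```

A binary built against a glibc configured with `--enable-static-nss`, as mentioned above, does not need these files, so a non-empty report matters only for the dynamic-NSS case.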