ubuntu-sdk-bugs team mailing list archive
-
ubuntu-sdk-bugs team
-
Mailing list archive
-
Message #08180
[Bug 2066203] [NEW] Libraries compiled without Shadow Stack support
Public bug reported:
I tried to execute VLC when I forcefully enabled Shadow Stack on my
system using the environment variable
GLIBC_TUNABLES=glibc.cpu.hwcaps=SHSTK and it didn't run correctly:
➜ GLIBC_TUNABLES=glibc.cpu.hwcaps=SHSTK vlc -v
VLC media player 3.0.20 Vetinari (revision 3.0.20-0-g6f0d0ab126b)
[000060bf9270b5e0] main libvlc: Running vlc with the default interface. Use 'cvlc' to use vlc without interface.
[000060bf927a3460] main playlist: playlist is empty
☸ rancher-desktop in packages/fwupd/1.9.20 on ☁️ (us-east-1) on ☁️ marcoshalano@xxxxxxxxx took 3s
➜ GLIBC_TUNABLES=glibc.cpu.hwcaps=SHSTK vlc -v
VLC media player 3.0.20 Vetinari (revision 3.0.20-0-g6f0d0ab126b)
[00006399376a4e90] main audio output warning: cannot load module `/usr/lib/x86_64-linux-gnu/vlc/plugins/audio_output/libpulse_plugin.so' (/lib/x86_64-linux-gnu/libmpg123.so.0: rebuild shared object with SHSTK support enabled)
[00006399375e95e0] main libvlc: Running vlc with the default interface. Use 'cvlc' to use vlc without interface.
[00006399377027e0] main interface warning: cannot load module `/usr/lib/x86_64-linux-gnu/vlc/plugins/gui/libqt_plugin.so' (/lib/x86_64-linux-gnu/libQt5Core.so.5: rebuild shared object with SHSTK support enabled)
[00007d14880245f0] main generic warning: cannot load module `/usr/lib/x86_64-linux-gnu/vlc/plugins/gui/libqt_plugin.so' (/lib/x86_64-linux-gnu/libQt5Core.so.5: rebuild shared object with SHSTK support enabled)
[00006399377027e0] skins2 interface error: cannot instantiate dialogs provider
[0000639937681460] main playlist: playlist is empty
[00006399377027e0] [cli] lua interface: Listening on host "*console".
VLC media player 3.0.20 Vetinari
Command Line Interface initialized. Type `help' for help.
>
If I check the library, it doesn't show Shadow Stack enabled. The command:
readelf -a /lib/x86_64-linux-gnu/libmpg123.so.0|grep STK
Returns nothing.
As control group, I tried with libssl3:
➜ readelf -a /lib/x86_64-linux-gnu/libssl.so.3 |grep STK
Properties: x86 feature: IBT, SHSTK
The same problem happened with:
/lib/x86_64-linux-gnu/libQt5Core.so.5
** Affects: mpg123 (Ubuntu)
Importance: Undecided
Status: New
** Affects: qtbase-opensource-src (Ubuntu)
Importance: Undecided
Status: New
** Description changed:
I tried to execute VLC when I forcefully enabled Shadow Stack on my
system using the environment variable
- GLIBC_TUNABLES=glibc.cpu.hwcaps=SHSTK and VLC didn't run correctly:
+ GLIBC_TUNABLES=glibc.cpu.hwcaps=SHSTK and it didn't run correctly:
- GLIBC_TUNABLES=glibc.cpu.hwcaps=SHSTK vlc -v
+ ➜ GLIBC_TUNABLES=glibc.cpu.hwcaps=SHSTK vlc -v
VLC media player 3.0.20 Vetinari (revision 3.0.20-0-g6f0d0ab126b)
[000060bf9270b5e0] main libvlc: Running vlc with the default interface. Use 'cvlc' to use vlc without interface.
[000060bf927a3460] main playlist: playlist is empty
- ☸ rancher-desktop in packages/fwupd/1.9.20 on ☁️ (us-east-1) on ☁️ marcoshalano@xxxxxxxxx took 3s
- ➜ GLIBC_TUNABLES=glibc.cpu.hwcaps=SHSTK vlc -v
+ ☸ rancher-desktop in packages/fwupd/1.9.20 on ☁️ (us-east-1) on ☁️ marcoshalano@xxxxxxxxx took 3s
+ ➜ GLIBC_TUNABLES=glibc.cpu.hwcaps=SHSTK vlc -v
VLC media player 3.0.20 Vetinari (revision 3.0.20-0-g6f0d0ab126b)
[00006399376a4e90] main audio output warning: cannot load module `/usr/lib/x86_64-linux-gnu/vlc/plugins/audio_output/libpulse_plugin.so' (/lib/x86_64-linux-gnu/libmpg123.so.0: rebuild shared object with SHSTK support enabled)
[00006399375e95e0] main libvlc: Running vlc with the default interface. Use 'cvlc' to use vlc without interface.
[00006399377027e0] main interface warning: cannot load module `/usr/lib/x86_64-linux-gnu/vlc/plugins/gui/libqt_plugin.so' (/lib/x86_64-linux-gnu/libQt5Core.so.5: rebuild shared object with SHSTK support enabled)
[00007d14880245f0] main generic warning: cannot load module `/usr/lib/x86_64-linux-gnu/vlc/plugins/gui/libqt_plugin.so' (/lib/x86_64-linux-gnu/libQt5Core.so.5: rebuild shared object with SHSTK support enabled)
[00006399377027e0] skins2 interface error: cannot instantiate dialogs provider
[0000639937681460] main playlist: playlist is empty
[00006399377027e0] [cli] lua interface: Listening on host "*console".
VLC media player 3.0.20 Vetinari
Command Line Interface initialized. Type `help' for help.
- >
+ >
If I check the library, it doesn't show Shadow Stack enabled. The command:
readelf -a /lib/x86_64-linux-gnu/libmpg123.so.0|grep STK
Returns nothing.
As control group, I tried with libssl3:
- ➜ readelf -a /lib/x86_64-linux-gnu/libssl.so.3 |grep STK
- Properties: x86 feature: IBT, SHSTK
+ ➜ readelf -a /lib/x86_64-linux-gnu/libssl.so.3 |grep STK
+ Properties: x86 feature: IBT, SHSTK
The same problem happened with:
/lib/x86_64-linux-gnu/libQt5Core.so.5
** Also affects: qtbase-opensource-src (Ubuntu)
Importance: Undecided
Status: New
** Summary changed:
- Library compiled without Shadow Stack support
+ Libraries compiled without Shadow Stack support
--
You received this bug notification because you are a member of Ubuntu
SDK bug tracking, which is subscribed to qtbase-opensource-src in
Ubuntu.
https://bugs.launchpad.net/bugs/2066203
Title:
Libraries compiled without Shadow Stack support
Status in mpg123 package in Ubuntu:
New
Status in qtbase-opensource-src package in Ubuntu:
New
Bug description:
I tried to execute VLC when I forcefully enabled Shadow Stack on my
system using the environment variable
GLIBC_TUNABLES=glibc.cpu.hwcaps=SHSTK and it didn't run correctly:
➜ GLIBC_TUNABLES=glibc.cpu.hwcaps=SHSTK vlc -v
VLC media player 3.0.20 Vetinari (revision 3.0.20-0-g6f0d0ab126b)
[000060bf9270b5e0] main libvlc: Running vlc with the default interface. Use 'cvlc' to use vlc without interface.
[000060bf927a3460] main playlist: playlist is empty
☸ rancher-desktop in packages/fwupd/1.9.20 on ☁️ (us-east-1) on ☁️ marcoshalano@xxxxxxxxx took 3s
➜ GLIBC_TUNABLES=glibc.cpu.hwcaps=SHSTK vlc -v
VLC media player 3.0.20 Vetinari (revision 3.0.20-0-g6f0d0ab126b)
[00006399376a4e90] main audio output warning: cannot load module `/usr/lib/x86_64-linux-gnu/vlc/plugins/audio_output/libpulse_plugin.so' (/lib/x86_64-linux-gnu/libmpg123.so.0: rebuild shared object with SHSTK support enabled)
[00006399375e95e0] main libvlc: Running vlc with the default interface. Use 'cvlc' to use vlc without interface.
[00006399377027e0] main interface warning: cannot load module `/usr/lib/x86_64-linux-gnu/vlc/plugins/gui/libqt_plugin.so' (/lib/x86_64-linux-gnu/libQt5Core.so.5: rebuild shared object with SHSTK support enabled)
[00007d14880245f0] main generic warning: cannot load module `/usr/lib/x86_64-linux-gnu/vlc/plugins/gui/libqt_plugin.so' (/lib/x86_64-linux-gnu/libQt5Core.so.5: rebuild shared object with SHSTK support enabled)
[00006399377027e0] skins2 interface error: cannot instantiate dialogs provider
[0000639937681460] main playlist: playlist is empty
[00006399377027e0] [cli] lua interface: Listening on host "*console".
VLC media player 3.0.20 Vetinari
Command Line Interface initialized. Type `help' for help.
>
If I check the library, it doesn't show Shadow Stack enabled. The command:
readelf -a /lib/x86_64-linux-gnu/libmpg123.so.0|grep STK
Returns nothing.
As control group, I tried with libssl3:
➜ readelf -a /lib/x86_64-linux-gnu/libssl.so.3 |grep STK
Properties: x86 feature: IBT, SHSTK
The same problem happened with:
/lib/x86_64-linux-gnu/libQt5Core.so.5
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/mpg123/+bug/2066203/+subscriptions
