Date: Wed, 7 Feb 2001 12:13:44 -0500 (EST) From: Darren Henderson <darren@bmv.state.me.us> To: Maxime Henrion <mux@qualys.com> Cc: freebsd-stable@freebsd.org, imp@village.org Subject: Re: ldconfig/rc.conf change Message-ID: <Pine.A41.4.21.0102071157440.38436-100000@katahdin.bmv.state.me.us> In-Reply-To: <20010207110842.A484@nebula.cybercable.fr>
next in thread | previous in thread | raw e-mail | index | archive | help
On Wed, 7 Feb 2001, Maxime Henrion wrote:
> Darren Henderson wrote:
>
:
:
> > Glancing at the mailing list archives and /usr/src/UPDATING I don't see any
> > mention of changes to ldconfig or rc.conf processing. So...what changed? Is
> > the -i opt for ldconfig new? Is the ldconfig_insecure var in
> > /etc/defaults/rc.conf new or changed? The /usr/local/mysql/lib/mysql dir
> > isn't owned by root so my previous solution can't work with the
> > ldconfig_insecure default of "NO"...so I suspect something there changed.
> >
> > What ever it was, it probably deserves a mention in /usr/src/UPDATING
>
> Hi,
>
> From /usr/src/release/texts/i386/RELNOTES.TXT:
> ldconfig(8) now checks directory ownerships and permissions for
> greater security; these checks can be disabled with the -i
> flag.
>
> ldconfig now checks that the directories in which it takes the shared libs are
> owned by root, and not world writable nor group writable. It will skip any
> directory if the checks fail.
Great, another place to check for changes that effect updates:)
I had looked at ldconfig's source to see if there were any dated comments
that would answer my question but would have never thought to look in that
directory.
> The ldconfig_insecure flag is used to run the startup ldconfig commands with
> the new -i flag. Of course, its use is discouraged. You should check the
> permissions of your /usr/local/mysql/lib/mysql.
mysql was installed as belonging to user mysql so root wasn't the owner, nor
am I sure that root should be the owner. The lib is also installed as
writeable by the owner. That may not be true if its installed from the ports
collection, I believe this was installed directly from source instead.
Simple enough to correct of course. I initially got around it by altering my
apache start up and including an ldconfig with the -i option there for the
mysql lib.
>
> Hope this helps,
Certainly answers my question. Thanks!
Going to forward a copy of this to imp as well. Wasn't a major problem but
it would have been nice to see it mentioned in UPDATING. Perhaps the change
didn't cross the threshold that warrents inclussion in that file.
________________________________________________________________________
Darren Henderson darren@bmv.state.me.us
darren.henderson@state.me.us
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-stable" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.A41.4.21.0102071157440.38436-100000>