This bug is transferred from comment #13 of bug 1538. When using
homecreatefilter with setuid applications, error messages like:
ERROR: ld.so: object 'libhomecreatefilter.so' from LD_PRELOAD cannot be
...are printed. This is because when using setuid, preloading is only allowed
from "system directories" (/lib and a few others). Additionally, the library
must be setuid as well.
One solution is to make sure libhomecreatefilter.so is setuid and placed in a
system directory. This will enable homecreatefilter for setuid applications.
Even better, though, would be to have homecreatefilter ignored, without an error
message, for setuid applications. I don't know if this is possible, but I will
send a mail to the glibc mailing list and ask for help.
Se also article 247818 in komintern.
Mail has been sent.
I've generalized this bug somewhat. This is not just a problem of ugly error messages: On many systems both xterm and konsole are setgid and/or setuid. glibc does not only *ignore* "dangerious" variables: when it comes to LD_LIBRARY_PATH, it is completely removed. This means that if you start a xterm or konsole, LD_LIBRARY_PATH is no more. This means that:
* tl-run-rdesktop will not work, since libpcsclite.so cannot be loaded.
* homecreatefilter is disabled
* serial port redirection is disabled
and so on. In particular, it's annoying that if you select "xterm" on the tl-select-profile menu, you will get an environment without the correct LD_LIBRARY_PATH. Some additional information:
* http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=328479 describes a similiar problem.
* Another name for "system directories" is "trusted directories".
* glibc loads libs from trusted dirs before using ld.so.conf, which is very annoying. This means that we cannot use ld.so.conf for our libpcsclite.so replacement. Very annoying. Other people thinks so as well, see http://cygwin.com/ml/libc-alpha/2001-08/msg00312.html. Also, as far as I know, it's not possible to determine at runtime which dirs are the trusted dirs.
So, I think our approach is to continue setting LD_LIBRARY_PATH through vsmagent.conf, and use short names in LD_PRELOAD, but declare war at setuid/setgid applications. For example, tl-setup could warn if xterm/konsole are setuid/setgid.
The tl-setup task is handled on bug 2620. This bug is for a more long-term solution, which perhaps involves glibc changes.
This also affects setgid and setcap programs. See bug 7517 for one major case.
Sorry, that should have been bug 7516.