LinuxQuestions.org
Welcome to the most active Linux Forum on the web.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Newbie
User Name
Password
Linux - Newbie This Linux forum is for members that are new to Linux.
Just starting out and have a question? If it is not in the man pages or the how-to's this is the place!

Notices


Reply
  Search this Thread
Old 08-23-2009, 09:43 AM   #1
onesikgypo
Member
 
Registered: Jun 2008
Posts: 56

Rep: Reputation: 15
Could Copying Something From /usr/lib to /lib stop connectivity?


Hi,

I have a dedicated server, and one of the techs perfomed the following command:

Code:
sudo cp /usr/lib/libc.so.6 /lib/
soon after we were no longer able to connect to the server.

Is it possible that copying a file like that could cause network problems, and prevent us from ssh'ing in?

Thanks.

Last edited by onesikgypo; 08-23-2009 at 09:45 AM.
 
Old 08-23-2009, 11:46 AM   #2
i92guboj
Gentoo support team
 
Registered: May 2008
Location: Lucena, Córdoba (Spain)
Distribution: Gentoo
Posts: 4,063

Rep: Reputation: 381Reputation: 381Reputation: 381Reputation: 381
Depending on your concrete distro and how libs are handled, it can not only break connectivity, but break every single binary that links to libc, which are virtually all of them. Yes, that would render the system unusable. Doing this kind of thing is not usually a good idea, for example, in my system I have these:

Code:
$ file /lib/libc* /usr/lib/libc.so 
/lib/libc-2.10.1.so:     ELF 64-bit LSB shared object, x86-64, version 1 (SYSV), dynamically linked (uses shared libs), for GNU/Linux 2.6.9, stripped
/lib/libc.so.6:          symbolic link to `libc-2.10.1.so'
/usr/lib/libc.so:        ASCII C program text
The *real* library is /lib/libc-2.10.1.so, the other two are not real libraries. /lib/libc.so.6 is a symlink which points to the lib, breaking it will break any program that relies in finding libc at that location. The file at /usr/lib/libc.so is not even a binary file, but an ld script. Overwriting the real library with it will make no good, however in this case I *guess* that overwriting the symlink with it is safe at the immediate future, though it no doubt will bring future issues.

This much depends on what exactly the layout of the libraries in that server are. If libc is broken then the server wouldn't be able to work at all, so the real question is if you have tested the server locally to see if it's still working.
 
Old 08-23-2009, 11:52 AM   #3
onesikgypo
Member
 
Registered: Jun 2008
Posts: 56

Original Poster
Rep: Reputation: 15
Hi,

Thanks for your reply.

As i mentioned in the first post this is a dedicated server - so i personally dont have local acess to it. However the providers engineers will be at the datacentre tomorrow.

I can confirm that lib.so.6 was in fact also in /lib so its quite possible that the tech overwrote the real lib with the symlink in /usr/lib.

My question then, is whether there is any solution at all to fix this - even locally?

Note: there was also a copy of lib.so.6 in /lib/i686/nosegneg (untouched)
 
Old 08-23-2009, 12:04 PM   #4
i92guboj
Gentoo support team
 
Registered: May 2008
Location: Lucena, Córdoba (Spain)
Distribution: Gentoo
Posts: 4,063

Rep: Reputation: 381Reputation: 381Reputation: 381Reputation: 381
If libc broke, it won't even boot (and nothing will work from that momment when the lib was overwritten).

Locally everything can be fixed, just boot from another disk or any kind, and manually restore the files from rpm's or whatever.
 
Old 08-23-2009, 12:06 PM   #5
onesikgypo
Member
 
Registered: Jun 2008
Posts: 56

Original Poster
Rep: Reputation: 15
ok, so just to confirm, if i tell the providers tech's to boot the server from a disk, and restore the lib.so.6 file to /lib - everything should go back to normal
 
Old 08-23-2009, 12:11 PM   #6
i92guboj
Gentoo support team
 
Registered: May 2008
Location: Lucena, Córdoba (Spain)
Distribution: Gentoo
Posts: 4,063

Rep: Reputation: 381Reputation: 381Reputation: 381Reputation: 381
Quote:
Originally Posted by onesikgypo View Post
ok, so just to confirm, if i tell the providers tech's to boot the server from a disk, and restore the lib.so.6 file to /lib - everything should go back to normal
Yes, as long as that's your only problem. I can't know for sure if that's what caused your problem. All I say is that it can be potentially harmful to the point of rendering the whole system unusable, breaking every single binary file on your system.
 
Old 08-23-2009, 12:12 PM   #7
onesikgypo
Member
 
Registered: Jun 2008
Posts: 56

Original Poster
Rep: Reputation: 15
well as i mentioned, the server only became inaccessible when one of the tech perfomed that command (a few seconds after). So hopefully you are correct in thinking that a replacement will be all that is necessary - and no permenant damage was done.
 
Old 08-23-2009, 12:18 PM   #8
GrapefruiTgirl
LQ Guru
 
Registered: Dec 2006
Location: underground
Distribution: Slackware64
Posts: 7,594

Rep: Reputation: 551Reputation: 551Reputation: 551Reputation: 551Reputation: 551Reputation: 551
If I might ask, what inspired the tech to perform this copy in the first place? Is/was there a problem with the server that looked as though it could be solved by doing this?

Sasha
 
Old 08-23-2009, 12:22 PM   #9
onesikgypo
Member
 
Registered: Jun 2008
Posts: 56

Original Poster
Rep: Reputation: 15
I'm unsure of the exact details, but i believe the tech was having some problems with the rar binary.

It seems that whenever he tried to use the rar command, he recieved the error:

Quote:
bash-3.2$ rar
rar: /lib/libc.so.6: version `GLIBC_2.7' not found (required by rar)
but if he performed the command "/usr/bin/rar" it worked fine.

Also, if he ran the same binary under a different name it worked. i.e.

cp /usr/bin/rar /usr/bin/rar2

using command "rar2" it worked fine.

Removing /usr/bin/rar and placing th ebinary from the source package in /usr/bin also didnt fix the problem, with rar giving the above error.

for some reason the binary wouldnt work by just using "rar"

this was when he subsequently overwrote the file, thinking it was a solution.

However that is the least of my concerns at th emoment, and will just be happy fixing the server.
 
Old 08-23-2009, 12:34 PM   #10
tredegar
LQ 5k Club
 
Registered: May 2003
Location: London, UK
Distribution: Debian "Jessie"
Posts: 6,085

Rep: Reputation: 398Reputation: 398Reputation: 398Reputation: 398
Quote:
whenever he tried to use the rar command, he recieved the error:

Quote:
bash-3.2$ rar
rar: /lib/libc.so.6: version `GLIBC_2.7' not found (required by rar)

but if he performed the command "/usr/bin/rar" it worked fine.

Also, if he ran the same binary under a different name it worked. i.e.

cp /usr/bin/rar /usr/bin/rar2

using command "rar2" it worked fine.
The above information is worrying, especially on a server.
The reason that it is worrying is that there seems to be an executable called rar which is on your $PATH and is being found before the version at /usr/bin/rar

What is the output of which rar ?
I'll be surprised if it's /usr/bin/rar (which is what it should be)
I hope you have not been running "rar" (which may not be rar at all) as root.

Last edited by tredegar; 08-23-2009 at 12:35 PM.
 
Old 08-23-2009, 12:38 PM   #11
onesikgypo
Member
 
Registered: Jun 2008
Posts: 56

Original Poster
Rep: Reputation: 15
What is the output of which rar ?

- Not sure exactly what you meant by this


I should also note, that "rar" was working fine for several weeks until today. Today a tech tried to incorporate it into an ftpd server that we are running, and somehow during that process he "broke" rar.

Also, no, rar wasnt being run as root.
 
Old 08-23-2009, 12:45 PM   #12
i92guboj
Gentoo support team
 
Registered: May 2008
Location: Lucena, Córdoba (Spain)
Distribution: Gentoo
Posts: 4,063

Rep: Reputation: 381Reputation: 381Reputation: 381Reputation: 381
Something strange happened in there. I'd give rkhunter, chkrootkit and clamav a round just in case. But that's another issue.

About the rar being broken, usually it's a better idea to recompile the binary or download one that matches your glibc, however I think that rar is closed so that might not be an option. A valid solution for this would be to use an alternate libc, via LD_PRELOAD or something. But overwritting the glocal libc (which as I said is used by all the binaries in your system) is never a good idea. Gosh, it's problematic even when you do it in a controlled fashion using your package manager, imagine when you throw a critical library like that in there without even checking that it's compatible with your binaries' ABI.
 
Old 08-23-2009, 12:51 PM   #13
onesikgypo
Member
 
Registered: Jun 2008
Posts: 56

Original Poster
Rep: Reputation: 15
well i believe that maybe when he was getting the rar binary to work with the ftpd servers, which initself required the copying of the relevant binaries and lib's - as they are run in isolation of the box, and just within the ftpd, he may have inadvertadly messed up how the normal rar binary execution occurred. Also believe he wasnt really paying attention to which lib he was replacing, as yes you are correct in saying that it is extremely risky to mess around wiht such an important library.

I'm not too worried about there being any rootkits, with passwords on accounts changing weekly, and iptables blocking both incoming and outgoing connections except on specific limited ports - some also limited by sourceip and destination ip - the box is fairly safe from such things.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
serious problem after copying file to /usr/lib mfstree Solaris / OpenSolaris 4 06-25-2008 10:12 PM
[SOLVED] No _sqlite3.so in /usr/lib/python2.5/lib-dynload rshepard Slackware 3 11-12-2007 03:59 PM
oops, I stripped /usr/lib and /usr/X11R6/lib ! H_TeXMeX_H Slackware 2 02-08-2007 10:27 PM
audacity unable to locate required lib files present in /usr/lib/ adityavpratap Slackware 4 11-30-2006 07:06 AM
Compromised? Files "/usr/lib.hwm", "/usr/lib.pwd", "/usr/lib.pwi" Klaus Pforte Linux - Security 4 09-29-2004 12:33 AM


All times are GMT -5. The time now is 10:35 AM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration