Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Cannot read libgo_cosmwasm.so for non-root user #43

Closed
webmaster128 opened this issue Jan 23, 2020 · 3 comments · Fixed by #106
Closed

Cannot read libgo_cosmwasm.so for non-root user #43

webmaster128 opened this issue Jan 23, 2020 · 3 comments · Fixed by #106
Labels
wontfix This will not be worked on

Comments

@webmaster128
Copy link
Member

webmaster128 commented Jan 23, 2020
edited
Loading

In the docker image 0cf23ed945ee from https://hub.docker.com/r/cosmwasm/wasmd/tags, I cannot run wasmcli as a different user than root. This is because libgo_cosmwasm.so cannot be loaded:

# ok
$ docker exec wasmd ldd /go/bin/wasmcli 
        linux-vdso.so.1 (0x00007ffda2186000)
        librt.so.1 => /lib/x86_64-linux-gnu/librt.so.1 (0x00007f41862ee000)
        libpthread.so.0 => /lib/x86_64-linux-gnu/libpthread.so.0 (0x00007f41862cd000)
        libgo_cosmwasm.so => /go/pkg/mod/github.com/confio/[email protected]/api/libgo_cosmwasm.so (0x00007f4185e5a000)
        libc.so.6 => /lib/x86_64-linux-gnu/libc.so.6 (0x00007f4185c99000)
        /lib64/ld-linux-x86-64.so.2 (0x00007f41862fe000)
        libdl.so.2 => /lib/x86_64-linux-gnu/libdl.so.2 (0x00007f4185c94000)
        libgcc_s.so.1 => /lib/x86_64-linux-gnu/libgcc_s.so.1 (0x00007f4185c78000)
        libm.so.6 => /lib/x86_64-linux-gnu/libm.so.6 (0x00007f4185af5000)

# ok
$ docker exec --user="0" wasmd ldd /go/bin/wasmcli
        linux-vdso.so.1 (0x00007ffd83f8a000)
        librt.so.1 => /lib/x86_64-linux-gnu/librt.so.1 (0x00007f17953b4000)
        libpthread.so.0 => /lib/x86_64-linux-gnu/libpthread.so.0 (0x00007f1795393000)
        libgo_cosmwasm.so => /go/pkg/mod/github.com/confio/[email protected]/api/libgo_cosmwasm.so (0x00007f1794f20000)
        libc.so.6 => /lib/x86_64-linux-gnu/libc.so.6 (0x00007f1794d5f000)
        /lib64/ld-linux-x86-64.so.2 (0x00007f17953c4000)
        libdl.so.2 => /lib/x86_64-linux-gnu/libdl.so.2 (0x00007f1794d5a000)
        libgcc_s.so.1 => /lib/x86_64-linux-gnu/libgcc_s.so.1 (0x00007f1794d3e000)
        libm.so.6 => /lib/x86_64-linux-gnu/libm.so.6 (0x00007f1794bbb000)

# lib missing
docker exec --user="$UID" wasmd ldd /go/bin/wasmcli
        linux-vdso.so.1 (0x00007ffe8e3e2000)
        librt.so.1 => /lib/x86_64-linux-gnu/librt.so.1 (0x00007fe026036000)
        libpthread.so.0 => /lib/x86_64-linux-gnu/libpthread.so.0 (0x00007fe026015000)
        libgo_cosmwasm.so => not found
        libc.so.6 => /lib/x86_64-linux-gnu/libc.so.6 (0x00007fe025e54000)
        /lib64/ld-linux-x86-64.so.2 (0x00007fe026046000)

This is because a different user cannot access /go/pkg/mod/github.com/confio/[email protected]:

$ docker exec --user="$UID" wasmd ls -lA /go/pkg/mod/github.com/confio/[email protected]
ls: cannot open directory '/go/pkg/mod/github.com/confio/[email protected]': Permission denied

$ docker exec --user="$UID" wasmd ls -lA /go/pkg/mod/github.com/confio
total 4
dr-x------ 7 root root 4096 Jan 22 15:02 [email protected]

I wonder where those restrictive permission settings come from.
@webmaster128 webmaster128 mentioned this issue Jan 23, 2020
Merged
@ethanfrey ethanfrey mentioned this issue Jan 23, 2020
Merged
@ethanfrey
Copy link
Member

I think all scripts run this as root without issue currently.

Is this still an issue? Both, is the behavior the same (I think so)? And does this still need to change (I think not)?

@ethanfrey ethanfrey added the wontfix This will not be worked on label Mar 12, 2020
@webmaster128
Copy link
Member Author

The issue still exists. Even if no priority, I think it is annoying and unexpected that you can't execute wasmcli (or other binaries) as different users.

I think I found the core of it. The go module system downloads an extracts packages into temporary folders created by ioutil.TempDir, which creates the folders for the current user only. Then makeDirsReadOnly removes the write flags for all users, converting 700 to 500.

A lot of people are discussing for years about the missing write flag, which prevents you from deleting the cache with rm -r and Go 1.14 got a flag to make those directories writeable. But nobody seems to care that this stuff is accessingle to one user only.

Now I wonder if the proper way to do this is to install the library from the root only location /go/pkg/mod/github.com/confio/[email protected]/api/libgo_cosmwasm.so to a common place for libraries.

@ethanfrey
Copy link
Member

Now I wonder if the proper way to do this is to install the library from the root only location /go/pkg/mod/github.com/confio/[email protected]/api/libgo_cosmwasm.so to a common place for libraries.

The *.so file needs to be in the proper location where the go binary expects it (try ldd on the go binary). If you move it, the go binary breaks. If we get static binaries, this goes away. Otherwise, yeah, I guess simply changing the permissions on the location would work.

I guess we could add a chmod to the wasmd-demo docker file?

@webmaster128 webmaster128 mentioned this issue Apr 4, 2020
Merged
loloicci pushed a commit to loloicci/wasmd that referenced this issue Jun 14, 2023
@da1suk8
fix: delete unnecessary test (CosmWasm#43)
8518b2f 
* fix: delete unnecessary test

* docs: add CHANGELOG
loloicci added a commit to loloicci/wasmd that referenced this issue Aug 19, 2024
@loloicci @zemyblue
@jaeseung-bae @da1suk8 @tkxkd0159
build: merge main and update to use [email protected] (
2e0fe8b 
…CosmWasm#53)

* build: replace line repositories with finschia repositories (CosmWasm#30)

* build: replace line repositories with finschia repositories

* Update x/wasmplus/README.md

Co-authored-by: zemyblue <[email protected]>

* Update x/wasm/ibc_reflect_test.go

Co-authored-by: zemyblue <[email protected]>

* Update .github/dependabot.yml

Co-authored-by: jaeseung-bae <[email protected]>

* Update CHANGELOG.md

Co-authored-by: jaeseung-bae <[email protected]>

* Update CHANGELOG.md

Co-authored-by: jaeseung-bae <[email protected]>

* docs: replace a comment contains line with finschia one

* build: replace line in Dockerfile with finschia

* docs: replace line in README.md with Finschia

* docs: update CHANGELOG

---------

Co-authored-by: zemyblue <[email protected]>
Co-authored-by: jaeseung-bae <[email protected]>

* chore: update changelog for release v0.1.3 (CosmWasm#31)

* fix: stop wrap twice the response of handling non-plus wasm message in plus handler (CosmWasm#35)

* fix: stop wrap twice non-plus wasm hander's response

fix Finschia#33

* test: add tests handling non-plus wasm messages

* docs: add this PR to CHANGELOG.md

* fix: reflect golangci-lint

* fix: simplify how to handle the message in wasmplus

* chore: update notice (CosmWasm#44)

* chore: update notice

* chore: update changelog

* fix: delete unnecessary test (CosmWasm#43)

* fix: delete unnecessary test

* docs: add CHANGELOG

* feat: add admin-related events (CosmWasm#46)

* add admin-related events in docs
* fix ClearAdmin event
* cherry-pick upstream admin-related events update

* chore: update changelog for release v0.1.4 (CosmWasm#49)

* build: update depending wasmvm to v1.1.1-0.11.2-dynamiclink2 and update tests

---------

Co-authored-by: zemyblue <[email protected]>
Co-authored-by: jaeseung-bae <[email protected]>
Co-authored-by: Daisuke Iuchi <[email protected]>
Co-authored-by: Jayden Lee <[email protected]>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
wontfix This will not be worked on
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Install libgo_cosmwasm.so to shared location CosmWasm/wasmd
2 participants
@webmaster128 @ethanfrey