I was helping a friend to set up a web album on Solaris 5.8. To enable thumbnail resizing when users upload photos to the album, I grabbed a pre-compiled netpbm from sunfreeware.com and installed it on the server. The installation was successful, but the utilities failed to find some libraries which were already located in /usr/local/netpbm/lib. Obviously this is a problem of the shared library path and could be solved easily by adding the path to the LD_LIBRARY_PATH environment variable. However, as said, the utilities would be used by the web server, and I didn't really want to modify the startup script. Instead I went for the crle solution, which updates the system default search path when linking shared libraries.
Below is what I did (DO NOT FOLLOW THIS, YOU ARE WARNED):
- Logged in to the system remotely via SSH using a non-privileged account
- Glanced through the man page of crle on adding a default path, and found the -l option.
- Used sudo to issue the command: sudo crle -l /usr/local/netpbm/lib
- Tested the netpbm utilities again and hurray, they worked!!!
OK, already running processes were not affected since the linking had already completed before the changes took effect, so I was still with the shell. The crle command was working too. It seemed that I could correct the problem with the command immediately. But sorry, no, I couldn't. Changing the system default search path requires root privileges, and commands like su and sudo WERE NOT WORKING!!! One may suggest that I add back those /usr/lib and /usr/local/lib to the LD_LIBRARY_PATH environment variable so that I can su/sudo in the current session. No, it didn't work either, because setuid scripts like su/sudo would ignore the variable for security reasons. I even tried to search for privilege escalation exploits for Solaris 5.8, but unfortunately (or you can say fortunately) the system had been well patched...
It was 3am in the middle of the night and no operators were working... Well, even if someone was, I don't think he/she could have helped me since they couldn't even log in without getting bash to work.
So, the system was completely screwed up.
What's the solution? I finally rushed to the server room the next day, booted the system with a Solaris boot CD and fixed the default search path...
Hmm.... here is what I've learnt in this incident:
- Please read the man page really carefully.
- The sudo command is somehow really dangerous... This was not the first time I screwed up a system with it... Maybe next time when I am doing things like this I should really consider a su so that I can at least keep a root session...
Anyway, I hope this sharing of my stupidity does save someone from similar issues...
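
A pre-flight check for the failure described in this post, as an added example that is not the author's code: `crle -l` replaces the default search path rather than appending to it, so the new list has to carry the original default as well. The function names and `REQUIRED_DIRS` are hypothetical, and `/usr/lib` as the stock 32-bit default is an assumption to adjust per system.

```shell
#!/bin/sh
# Added example: refuse a crle -l path list that drops the system default,
# and stage the change in a trial config before touching the real one.

# Assumption: directories the stock runtime linker searches by default and
# that setuid tools such as su/sudo need. Space-separated; adjust per system.
REQUIRED_DIRS="/usr/lib"

# path_list_has DIR LIST: succeed if DIR is an exact element of the
# colon-separated LIST (so /usr/lib64 does not count as /usr/lib).
path_list_has() {
    case ":$2:" in
        *":$1:"*) return 0 ;;
        *) return 1 ;;
    esac
}

# check_crle_paths LIST: succeed only if every required directory is kept.
check_crle_paths() {
    missing=""
    for d in $REQUIRED_DIRS; do
        path_list_has "$d" "$1" || missing="$missing $d"
    done
    if [ -n "$missing" ]; then
        echo "refusing: path list drops$missing" >&2
        return 1
    fi
    return 0
}

# stage_crle LIST CONF: write LIST to the trial config file CONF (not the
# system default) and run an ordinary dynamically linked command against it
# through LD_CONFIG, so a bad list fails here instead of system-wide.
stage_crle() {
    check_crle_paths "$1" || return 1
    crle -c "$2" -l "$1" || return 1
    LD_CONFIG="$2" /usr/bin/ls / >/dev/null
}

# Constructed usage, run as an unprivileged user on the Solaris host:
#   stage_crle /usr/lib:/usr/local/netpbm/lib /tmp/ld.config.trial
```

Only after the staged check passes would the same `-l` list be applied to the system configuration, from a root shell that stays open until su and sudo have been confirmed to still work in a second session.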