Search this site:

2010-01-30

How to screw up a Solaris with the crle command


I was helping a friend to setup an web album on Solaris 5.8. To enable thumbnail resizing when user upload photos to the album, I grabbed an pre-complied netpbm from sunfreeware.com and installed on the server. The installation was successful but the utilities failed to find some libraries which are already located in /usr/local/netpbm/lib. Obviously this is a problem of the shared library path and could be solved easily by adding the path to LD_LIBRARY_PATH environment variable. However, as said the utilities would be used by web server, I don't really want to modify the startup script. Instead I go for the crle solution, which update the system default search path when linking shared libraries.

Blow is what I did (DO NOT FOLLOW THIS, YOU ARE WARNED):

  1. Login the system remotely via SSH using a non-privileged account
  2. Glancing through the man page of clre on adding a default path, and i found the -l option.
  3. Using sudo to issue the command: sudo clre -l /usr/local/netpbm/lib
  4. Test the netpbm utilities again and hurray, they worked!!!
It would be really nice if life had ever been that simple. Experienced Solaris guys would have already noticed the problem here: the -l option REPLACES the default search path with the provided one if the -u option is not specified. In other words, the system now only search for shared libraries in /usr/local/netpbm/lib, not even /usr/lib nor /usr/local/lib. Most binaries on the system were no longer working. They includes, sshd, telnetd, and... bash!!!

OK, already running processes were not affected since the linking had already completed before the changes effected, so I was still with the shell. The clre command was working too. It seemed that I could correct the problem with the command immediately. But sorry, no, I couldn't. Changing the system default search path requires root privileges, and commands like su and sudo WAS NOT WORKING!!! One may suggest me to add back those /usr/lib and /usr/local/lib to the LD_LIBRARY_PATH environment variable so that I can su/sudo in the current session. No it didn't work either because setuid scripts like su/sudo would ignore the variable for security reasons. I even tried to search for privilege escalation exploits for Solaris 5.8, but unfortunately (or you can say fortunately) the system had been well patched...

It was 3am in the midnight and no operators were working... Well, even someone was, I don't think he/she could help me since they can't even login with getting bash to work.

So, the system was completed screwed up.

What's the solution? I finally rushed to the server room on the next day, boot the system with a Solaris boot CD and fix the default search path...

Hmm.... here are what I've learnt in this incident:
  1. Please read the man page really carefully.
  2. sudo command is somehow really dangerous... This was not the first time I screwed up a system with it... Maybe next time when I am doing things like this I should really consider a su so that I can at least keep a root session...

Anyway, I hope this sharing of my stupidity does save someone from similar issues...

2010-01-09

Backspace in Explorer of Windows 7


I suddenly noticed today that the backspace key in Windows Explorer of Windows 7 has a different effect than that of Windows XP. In the XP days, the backspace key brought you 1 directory level up, just like the command "cd ..", while in Windows 7, it bring you to the last folder you were in instead, i.e. the command "cd -" in the Unix family.

Just a funny discovery.

Disclaimer

ALL CONTENTS AND INFORMATION IN THIS WEB SITE ARE PROVIDED "AS IT" WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESSED OR IMPLIED. THE ACCURACY AND AVAILABILITY OF THE CONTENTS, INFORMATION AND THE WEB SITE ITSELF ARE NOT GUARANTEED. THE AUTHOR TAKES NO RESPONSIBILITIES ON ANY COSTS OR DAMAGES (DIRECT OR INDIRECT) ARISING OUT OF OR IN CONNECTION WITH THE ACCESS, USAGE OR INABILITY OF USAGE OF THIS WEB SITE.