client: keybase-mount-helper segfaults with LD_LIBRARY_PATH set

After a long process of debugging (because almost no tools worked for this, being a setuid situation), I have figured out that keybase-mount-helper segfaults very early on in execution if LD_LIBRARY_PATH, and likely other environment variables that could cause security problems, are set at all.

My first thought is unsetting LD_LIBRARY_PATH and anything else that breaks in run_keybase before starting keybase-mount-helper, but I worry that this might break other things, or else I’d try to make a PR.

About this issue

  • Original URL
  • State: closed
  • Created 6 years ago
  • Comments: 27 (14 by maintainers)

Commits related to this issue

Most upvoted comments

For anyone interested, the Linux releases with the root redirector just went live, and we put up instructions on how to turn it off under the “Mountpoints” section here: https://keybase.io/docs/kbfs/understanding_kbfs

+1
strib on Mar 8, 2018

@mystfox and other Arch users: I made a keybase-bin pacman package for you to try with the fix f7b7d96:

https://keybase.pub/strib/keybase-bin-1.0.44_20180301212225%2Bf7b7d96e40-1-x86_64.pkg.tar.xz

Let me know if this helps! I still don’t really understand the problem, but it seems like doing a setuid to a non-root user causes the issue on some systems. Not sure what that has to do with LD_LIBRARY_PATH, but switching to setuid(0) seems to do the trick…

+1
strib on Mar 2, 2018

https://bugs.archlinux.org/task/57336

If this is a general issue with dynamically linked golang binaries that are SUID, I wonder why they are using vsyscall at all… might be worth taking this to the golang developers. 😉

(No comment on the existence of this specific SUID binary.)

+1
eli-schwartz on Feb 12, 2018
Read more comments on GitHub
← client: keybase login fails although gpg and private key are installed
client: keybase rekey warning, cannot rekey →