ld.so.preload of libmediaclient.so is *very* harmful

[Andrew Bartlett]

On Thu, 2011-02-03 at 13:28 +0100, c.hoffmann at bnet.at wrote:
> Could finish provision!
> There was a problem with the libmediaclient.so which is installed with the
> driver for my tv-card (sundtek) I am using.
> Deinstalled the driver and did provision again, this time it worked!
> Reinstall the driver and it hopefully does not interfere with samba4.
> 
> br

After a very good guess by tridge, I found:
http://www.sundtek.com/support/install.sh.txt

This script, which I presume you used, modifies /etc/ld.so.preload, and
causes libmediaclient.so to be preloaded into every single process on
the system.  Any process that calls net_read() will call into your TV
card driver, and will break badly.

You are lucky that you only got a hang, as the preloading (equivalent to
LD_PRELOAD set over every program on the system) of Sundtek's
libmediaclient.so could easily have caused a segfault, or simply random
data corruption. 

I suggest you never install this library on any system for which you
care for it's integrity.  Once loaded, this library can override any
function in any program, with all the checks overridden.  We have taken
considerable care to ensure that we don't use random library functions,
but cannot prevent a preload. 

I've observed other backtraces on the net showing this library providing
functions as basic as 'poll', so even avoiding using a function by this
particular name won't help. 

You could, as suggested in the sundtek forums, simply load this library
for the only particular applications you need using LD_PRELOAD, but I
would simply recommend avoiding this code entirely.  

Andrew Bartlett

-- 
Andrew Bartlett                                http://samba.org/~abartlet/
Authentication Developer, Samba Team           http://samba.org
Samba Developer, Cisco Inc.