Question & Answer
Question
Some applications set a global LIBPATH for my system. I have runtime library errors when I invoke some applications.
For example:
|
exec(): 0509-036 Could not load program sendmail because of the following errors:
0509-150 Dependent module /usr/ud/bin/libcrypto.a(libcrypto.so) could not be loaded.
0509-152 Member llibcrypto.so is not found in archive
|
Does the system-wide (global) LIBPATH (or LD_LIBRARY_PATH) cause these application errors? If so, what is the recommended solution?
Cause
In this sendmail example, we examine the LIBPATH.
|
# echo $LIBPATH
/usr/ud/bin:/usr/ud/lib:/usr/lib:/usr/local/easysoft/lib:/usr/local/easysoft/unixODBC/lib:/usr/local/easysoft/oraclewp/lib:/usr/local/easysoft/sqlserver/lib:/usr/local/easysoft/lib:/usr/local/easysoft/unixODBC/lib:/usr/local/easysoft/oracle wp/lib:/usr/local/easysoft/sqlserver/lib: |
The following system-wide (global) LIBPATH was set in /etc/profile:
| LIBPATH=$UDTBIN:$UDTLIB:/usr/lib:/usr/local/easysoft/lib:/usr/local/easysoft/unixODBC/lib:/usr/local/easysoft/oraclewp/lib:/usr/local/easysoft/sqlserver/lib:$LIBPATH export UDTHOME UDTBIN PATH UCONV MYIPADDRESS LIBPATH CLASSPATH ODBCPATH |
There is a non-AIX libcrypto.a in /usr/ud/bin that is loaded by the AIX sendmail application:
|
Could not load program sendmail:
Dependent module /usr/ud/bin/libcrypto.a(libcrypto.so) could not be loaded.
Member libcrypto.so is not found in archive
|
Answer
As demonstrated by the sendmail error, a global LIBPATH, or LD_LIBRARY_PATH, can cause conflicts for AIX or other applications.
AIX does not set a global LIBPATH environment variable. Most base AIX applications use the default library path information written in the loader section of the object file. The default library path information is the value of the LIBPATH environment variable if it is defined, and /usr/lib:/lib, otherwise.
We can use the dump command to examine the library search path.
|
# dump -Hv /usr/sbin/sendmail
The library search path is stored under index 0:
INDEX PATH BASE MEMBER
0 /usr/lib:/lib 1 libc.a shr.o 2 libpthreads.a shr_xpg5.o 3 libnsl.a shr.o 4 libcrypto.a libcrypto.so 5 libssl.a libssl.so 6 libsrc.a shr.o |
The custom system-wide (global) LIBPATH loads the non-AIX /usr/ud/bin/libcrypto.a first. This library does not have libcrypto.so. Even if this library did have libcrypto.so, it is not provided by AIX and might be missing symbols.
Some applications might require a custom LIBPATH. Setting a custom LIBPATH globally overrides the library loader domain for all applications that run with the system environment.
- Exception: A setuid or setgid program does not inherit the LIBPATH environment variable.
A global LIBPATH can cause several issues for applications when nondefault libraries are loaded first.
- Dependency conflicts
- Different applications or components might require different versions of the same library. If the wrong version is loaded, many failures might occur.
- For example
- 0509-130 Symbol resolution failed
- 0509-150 Dependent module <...> could not be loaded
- Incorrect architecture or bitness errors
- For example
- Different applications or components might require different versions of the same library. If the wrong version is loaded, many failures might occur.
- Debugging issues
- It is challenging to isolate and troubleshoot application errors with a custom LIBPATH that might provide a library unsupported by the application. Most product support teams require that the application is tested with default LIBPATH configuration.
- Maintenance issues
- Multiple third-party applications might provide custom versions of the same libraries, and application paths might vary by version, resulting in a lengthy and obsolete LIBPATH.
Additionally, a global LIBPATH might introduce security risks. For example, if there are vulnerabilities in applications that use libraries from directories specified in LIBPATH, attackers might attempt directory traversal attacks to trick the system into loading a malicious library.
Recommendations:
Always consider the specific requirements and security policies of your system before you configure environment variables like LIBPATH. It is recommended to configure library paths on a per-application or per-user basis rather than system-wide.
*** Consult with your application vendor to determine the best solution.
TIP: Some common methods include:
|
1) Set the environment variables in a file that is sourced when the application is started.
2) Create a wrapper script that sets the environment variables, then launches the application.
3) Use configuration files (INI, YAML, JSON, XML) that are read by the application. 4) Use command line arguments (must be supported and processed by the application).
5) Set the variables in the application user's .profile file.
6) Compile the application with the -L<dir> linker option to specify the library path.
|
| SUPPORT |
|---|
|
If you require more assistance, use the following step-by-step instructions to contact IBM to open a case for software with an active and valid support contract. 1. Document (or collect screen captures of) all symptoms, errors, and messages related to your issue. 2. Capture any logs or data relevant to the situation. 3. Contact IBM to open a case: -For electronic support, see the IBM Support Community: 4. Provide a clear, concise description of the issue. - For more information, see: Working with IBM AIX Support: Describing the problem. 5. If the system is accessible, collect a system snap, and upload all of the details and data for your case. - For more information, see: Working with IBM AIX Support: Collecting snap data |
Related Information
[{"Type":"MASTER","Line of Business":{"code":"LOB08","label":"Cognitive Systems"},"Business Unit":{"code":"BU058","label":"IBM Infrastructure w\/TPS"},"Product":{"code":"SWG10","label":"AIX"},"ARM Category":[{"code":"a8m0z000000cw3dAAA","label":"AIX Open Source"},{"code":"a8m3p000000PCScAAO","label":"Runtime"}],"ARM Case Number":"","Platform":[{"code":"PF002","label":"AIX"}],"Version":"All Versions"}]
Was this topic helpful?
Document Information
Modified date:
06 February 2024
UID
ibm17091281