The OpenNET Project
 


[Fedora] libtool-ltdl uses relative paths to resolve and load libraries


To: bugtraq@securityfocus.com
Subject: [Fedora] libtool-ltdl uses relative paths to resolve and load libraries
From: Enrico Scholz <enrico.scholz@informatik.tu-chemnitz.de.>
Date: Tue, 10 Oct 2006 20:57:23 +0200
Message-ID: <87u02cc830.fsf@kosh.bigo.ensc.de.>

Hello,

Fedora Core 5 ships the libtool-ltdl library which is used to load
dynamic modules. This package seems to be built with some strange setup
causing a search path of

| $ strings /usr/lib/libltdl.so
| /lib:/usr/lib:hwcap:0:nosegneg:/usr/lib/mysql:/usr/lib/mysql:/usr/lib/mysql:/usr/lib/qt-3.3/lib

The effect is that dynamic libraries are searched for in three relative
paths ('hwcap', '0' and 'nosegneg') and loaded from there:

| $ echo 'int main() { lt_dlinit(); lt_dlopenext("foo"); }' > foo.c
| $ gcc foo.c -lltdl
| # strace ./a.out
| open("/lib/foo.la", O_RDONLY)           = -1 ENOENT (No such file or directory)
| open("/usr/lib/foo.la", O_RDONLY)       = -1 ENOENT (No such file or directory)
| open("hwcap/foo.la", O_RDONLY)          = -1 ENOENT (No such file or directory)
| open("0/foo.la", O_RDONLY)              = -1 ENOENT (No such file or directory)
| open("nosegneg/foo.la", O_RDONLY)       = 3
| ...
| open("/tmp/test/bin/nosegneg/foo.so", O_RDONLY) = 3


The mentioned paths are also used in /usr/bin/libtool:

| $ grep nosegneg /usr/bin/libtool
| sys_lib_dlsearch_path_spec="/lib /usr/lib hwcap 0 nosegneg /usr/lib/mysql /usr/lib/mysql /usr/lib/mysql /usr/lib/qt-3.3/lib "

but the effect is unknown.



Impact:
   low to medium

Affected:
   Fedora Core 5 Updates (libtool-ltdl-1.5.22-2.3)

Not Affected:
   Fedora Core 5 (libtool-ltdl-1.5.22-2.2)
   Fedora Core Devel

Vendor was notified on 2006-10-08
   https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=209930




Enrico
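
A check for the condition reported above, as an added example that is not part of the original advisory or of libtool: it splits a search-path spec in either form quoted in the message (colon-separated as embedded in libltdl.so, space-separated as in /usr/bin/libtool) and reports every entry that is not an absolute path. The function names are hypothetical; the two sample values are the ones quoted in the advisory.

```shell
#!/bin/sh
# Added example: flag relative entries in a libltdl/libtool search-path spec.

# Sample values as quoted in the advisory (Fedora Core 5, libtool-ltdl-1.5.22-2.3).
FC5_LTDL_SPEC='/lib:/usr/lib:hwcap:0:nosegneg:/usr/lib/mysql:/usr/lib/mysql:/usr/lib/mysql:/usr/lib/qt-3.3/lib'
FC5_LIBTOOL_LINE='sys_lib_dlsearch_path_spec="/lib /usr/lib hwcap 0 nosegneg /usr/lib/mysql /usr/lib/mysql /usr/lib/mysql /usr/lib/qt-3.3/lib "'

# relative_entries SPEC
# Splits SPEC on ':' and whitespace and prints each distinct entry that does
# not start with '/', one per line. The comparison against "" is a string
# comparison, so an entry named "0" is not mistaken for an empty field.
relative_entries() {
    printf '%s\n' "$1" | tr ': \t' '\n\n\n' | awk '
        $0 != "" && substr($0, 1, 1) != "/" && !seen[$0]++ { print }'
}

# spec_from_libtool
# Reads a libtool script on stdin and prints the value assigned to
# sys_lib_dlsearch_path_spec, e.g.: spec_from_libtool < /usr/bin/libtool
spec_from_libtool() {
    sed -n 's/^sys_lib_dlsearch_path_spec="\(.*\)"[[:space:]]*$/\1/p'
}

# audit_spec LABEL SPEC
# Prints a one-line verdict and returns 1 if SPEC has any relative entry.
audit_spec() {
    bad=$(relative_entries "$2")
    if [ -n "$bad" ]; then
        printf '%s: relative search path entries: %s\n' \
            "$1" "$(printf '%s' "$bad" | tr '\n' ' ')"
        return 1
    fi
    printf '%s: all entries absolute\n' "$1"
}

# Run over the two constructed inputs; "|| true" keeps the demo exit status 0.
audit_spec 'libltdl.so' "$FC5_LTDL_SPEC" || true
audit_spec 'libtool' "$(printf '%s\n' "$FC5_LIBTOOL_LINE" | spec_from_libtool)" || true
```

On an installed system the same functions can be fed the matching line from `strings /usr/lib/libltdl.so` and the contents of `/usr/bin/libtool`, the two places the advisory looked.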


