Re: libltdl is inefficient and a security hazard

From: Bob Friesenhahn
Subject: Re: libltdl is inefficient and a security hazard
Date: Thu, 5 Nov 2009 12:37:18 -0600 (CST)
User-agent: Alpine 2.01 (GSO 1266 2009-07-14)

Under OS-X Leopard, I see that a directory under my home directory ("/Users/bfriesen/lib/") gets searched when loading a module. This does not seem very secure since an ordinary user can write to this directory and put an exploit there. I am not immediately seeing a reason for this:

% sudo dtruss ./ltdlopentest ./mymodule.la 2>&1 | grep mymodule.a
stat("mymodule.a\0", 0xBFFFD920, 0xBFFFF3D8)             = -1 Err#2
stat("/Users/bfriesen/lib/mymodule.a\0", 0xBFFFE140, 0xBFFFF3D8)              = -1 Err#2
stat("/usr/local/lib/mymodule.a\0", 0xBFFFE150, 0xBFFFF3D8)              = -1 
stat("/usr/lib/mymodule.a\0", 0xBFFFE150, 0xBFFFF3D8)            = -1 Err#2

Do other OS-X Leopard users see something similar?

Bob Friesenhahn
address@hidden, http://www.simplesystems.org/users/bfriesen/
GraphicsMagick Maintainer,    http://www.GraphicsMagick.org/
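
Added example, not part of the original message and not libltdl code: one way to audit the directories seen in a trace like the one above, reporting each probed directory where someone other than root could place a file. The function names, the constructed sample trace and the root-only ownership policy are assumptions made for this example.

```python
import os
import re
import stat

# Constructed sample, in the format of the dtruss output quoted above.
SAMPLE_TRACE = r'''
stat("mymodule.a\0", 0xBFFFD920, 0xBFFFF3D8) = -1 Err#2
stat("/Users/bfriesen/lib/mymodule.a\0", 0xBFFFE140, 0xBFFFF3D8) = -1 Err#2
stat("/usr/local/lib/mymodule.a\0", 0xBFFFE150, 0xBFFFF3D8) = -1 Err#2
stat("/usr/lib/mymodule.a\0", 0xBFFFE150, 0xBFFFF3D8) = -1 Err#2
'''
STAT_RE = re.compile(r'stat\("(.*?)(?:\\0)?",')

def probed_dirs(trace):
    """Directories named in stat() probes, in first-seen order."""
    dirs = []
    for line in trace.splitlines():
        m = STAT_RE.search(line)
        if m:
            d = os.path.dirname(m.group(1)) or "."
            if d not in dirs:
                dirs.append(d)
    return dirs

def plantable(path, stat_fn=os.stat):
    """Why a non-root user could place a file in `path`, or None.
    Assumed policy: every existing component up to "/" is owned by root
    and is not group- or world-writable (symlink targets are not walked).
    """
    if not os.path.isabs(path):
        return "relative: resolved against the current directory"
    p = os.path.normpath(path)
    while True:
        try:
            st = stat_fn(p)
            if st.st_uid != 0:
                return f"{p} is owned by uid {st.st_uid}"
            if st.st_mode & (stat.S_IWGRP | stat.S_IWOTH):
                return f"{p} is group- or world-writable"
        except (FileNotFoundError, NotADirectoryError):
            pass  # missing: whoever can write to the parent can create it
        if p == "/":
            return None
        p = os.path.dirname(p)

if __name__ == "__main__":
    for d in probed_dirs(SAMPLE_TRACE):
        print(d, "->", plantable(d) or "root-only")
```

A search directory that does not exist yet is judged by its nearest existing ancestor, which is why a missing "lib" directory under a home directory is still reported.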
