bug-libtool
Re: libltdl is inefficient and a security hazard


From: Bob Friesenhahn
Subject: Re: libltdl is inefficient and a security hazard
Date: Thu, 5 Nov 2009 17:18:32 -0600 (CST)
User-agent: Alpine 2.01 (GSO 1266 2009-07-14)

How does one open a CERT advisory?

Notice that the first thing that libltdl does (again a test under OS X Leopard) is attempt to dynamically load mymodule.a from whatever happens to be the current directory:

% sudo dtruss ./ltdlopentest /Users/bfriesen/src/graphics/test-progs/mymodule.la 2>&1 | grep 'mymodule\.'
plugin failed to open: dlopen(/Users/bfriesen/src/graphics/test-progs/mymodule.so, 9): image not found
open_nocancel("/Users/bfriesen/src/graphics/test-progs/mymodule.la\0", 0x0, 0x1B6)               = 3 0
stat("mymodule.a\0", 0xBFFFD8C0, 0xBFFFF378)             = -1 Err#2
stat("/Users/bfriesen/lib/mymodule.a\0", 0xBFFFE0E0, 0xBFFFF378)                 = -1 Err#2
stat("/usr/local/lib/mymodule.a\0", 0xBFFFE0F0, 0xBFFFF378)              = -1 Err#2
stat("/usr/lib/mymodule.a\0", 0xBFFFE0F0, 0xBFFFF378)            = -1 Err#2
stat("/Users/bfriesen/src/graphics/test-progs/mymodule.so\0", 0xBFFFD860, 0xBFFFF318)            = -1 Err#2
stat("/Users/bfriesen/lib/mymodule.so\0", 0xBFFFE080, 0xBFFFF318)                = -1 Err#2
stat("/usr/local/lib/mymodule.so\0", 0xBFFFE090, 0xBFFFF318)             = -1 Err#2
stat("/usr/lib/mymodule.so\0", 0xBFFFE090, 0xBFFFF318)           = -1 Err#2
stat("/Users/bfriesen/src/graphics/test-progs/mymodule.so\0", 0xBFFFD860, 0xBFFFF318)            = -1 Err#2
stat("/Users/bfriesen/lib/mymodule.so\0", 0xBFFFE080, 0xBFFFF318)                = -1 Err#2
stat("/usr/local/lib/mymodule.so\0", 0xBFFFE090, 0xBFFFF318)             = -1 Err#2
stat("/usr/lib/mymodule.so\0", 0xBFFFE090, 0xBFFFF318)           = -1 Err#2

Am I missing something obvious? Why do I feel like no one is taking this security issue seriously at all? I first notified that libltdl was wrongly dlopening() with a bare archive file name on October 25th (and included system call traces from a number of systems) and it is November 5th already.

Bob
--
Bob Friesenhahn
address@hidden, http://www.simplesystems.org/users/bfriesen/
GraphicsMagick Maintainer,    http://www.GraphicsMagick.org/
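
Added example, not part of the original message and not libtool code: a small auditor for dtruss-style trace output that flags path syscalls given a non-absolute path, such as the stat("mymodule.a") lookup in the trace above. The syscall set in PATH_CALLS and the sample lines are assumptions constructed for illustration, modelled on that trace.

```python
import re

# Matches dtruss-style lines: syscall("path\0", ...) = ret [Err#n]
CALL_RE = re.compile(r'^(?P<call>\w+)\("(?P<path>[^"]*?)(?:\\0)?"')
# Assumed set of path-taking syscalls worth auditing; extend as needed.
PATH_CALLS = {"stat", "stat64", "lstat", "open", "open_nocancel", "access"}

def rejoin(lines):
    """Re-attach continuation lines that mail wrapping split off a call."""
    out = []
    for line in lines:
        line = line.strip()
        if not line:
            continue
        if CALL_RE.match(line) or not out:
            out.append(line)          # start of a new traced call
        else:
            out[-1] += " " + line     # wrapped tail of the previous call
    return out

def relative_lookups(lines):
    """Return (syscall, path) for each path syscall given a non-absolute path."""
    hits = []
    for line in rejoin(lines):
        m = CALL_RE.match(line)
        if not m or m["call"] not in PATH_CALLS:
            continue
        path = m["path"]
        # A path without a leading "/" is resolved against the process's
        # current directory, whatever that happens to be at run time.
        if path and not path.startswith("/"):
            hits.append((m["call"], path))
    return hits

# Constructed sample, modelled on the trace quoted in the message.
SAMPLE = r'''
open_nocancel("/Users/bfriesen/src/graphics/test-progs/mymodule.la\0", 0x0,
0x1B6)               = 3 0
stat("mymodule.a\0", 0xBFFFD8C0, 0xBFFFF378)             = -1 Err#2
stat("/usr/local/lib/mymodule.a\0", 0xBFFFE0F0, 0xBFFFF378)              = -1
Err#2
stat("/usr/lib/mymodule.so\0", 0xBFFFE090, 0xBFFFF318)           = -1 Err#2
'''.splitlines()

if __name__ == "__main__":
    for call, path in relative_lookups(SAMPLE):
        print(f"relative lookup: {call}({path!r}) resolves against the cwd")
```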