[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: libltdl is inefficient and a security hazard

From: Bob Friesenhahn
Subject: Re: libltdl is inefficient and a security hazard
Date: Thu, 5 Nov 2009 17:41:30 -0600 (CST)
User-agent: Alpine 2.01 (GSO 1266 2009-07-14)

From OS-X Leopard manual page for dlopen():

     When path doesn't contain a slash character (i.e. it is just a leaf
     name), dlopen() searches the following the following until it finds
     a compatible Mach-O file: $LD_LIBRARY_PATH, $DYLD_LIBRARY_PATH, cur-
     rent working directory, $DYLD_FALLBACK_LIBRARY_PATH.

and this is why searching for bare "module.a" checks the current directory.

Here is evidence that there is an easy exploit:

scrappy:~% ./ltdlopentest /Users/bfriesen/src/graphics/test-progs/mymodule.la
plugin opened successfully!
scrappy:~% ls -l mymodule.a
lrwxr-xr-x  1 bfriesen  bfriesen  59 Nov  5 17:39 mymodule.a@ -> 
scrappy:~% ./ltdlopentest /Users/bfriesen/src/graphics/test-progs/mymodule.la
plugin opened successfully!

Bob Friesenhahn
address@hidden, http://www.simplesystems.org/users/bfriesen/
GraphicsMagick Maintainer,    http://www.GraphicsMagick.org/

reply via email to

[Prev in Thread] Current Thread [Next in Thread]