[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: libltdl is inefficient and a security hazard
|
From: |
Bob Friesenhahn |
|
Subject: |
Re: libltdl is inefficient and a security hazard |
|
Date: |
Thu, 5 Nov 2009 10:55:14 -0600 (CST) |
|
User-agent: |
Alpine 2.01 (GSO 1266 2009-07-14) |
I am told that this issue will be ignored and not even discussed
unless I provide a formalized test case of some sort so that others
can witness the issue. To satisfy that requirement and so that
discussions of how to properly solve the problem can ensue, I have
attached a tarball with a small test case. It is not an autotest test
case since I don't know how to build such a test in a portable manner.
To test do (for SVR4, Solaris, & FreeBSD)
gcc -o ltdlopentest ltdlopentest.c -lltdl
truss ./ltdlopentest ./mymodule.la 2>&1 | grep mymodule.a
or (for Apple's OS-X Leopard or Solaris with DTrace Toolkit)
gcc -o ltdlopentest ltdlopentest.c -lltdl
sudo dtruss ./ltdlopentest ./mymodule.la 2>&1 | grep mymodule.a
or (for Linux)
gcc -o ltdlopentest ltdlopentest.c -lltdl
strace ./ltdlopentest ./mymodule.la 2>&1 | grep mymodule.a
Any output from grep is an indication of the bug. For example, from
Linux:
open("/lib/tls/x86_64/mymodule.a", O_RDONLY) = -1 ENOENT (No such file or
directory)
open("/lib/tls/mymodule.a", O_RDONLY) = -1 ENOENT (No such file or directory)
open("/lib/x86_64/mymodule.a", O_RDONLY) = -1 ENOENT (No such file or directory)
open("/lib/mymodule.a", O_RDONLY) = -1 ENOENT (No such file or directory)
open("/usr/lib/tls/x86_64/mymodule.a", O_RDONLY) = -1 ENOENT (No such file or
directory)
open("/usr/lib/tls/mymodule.a", O_RDONLY) = -1 ENOENT (No such file or
directory)
open("/usr/lib/x86_64/mymodule.a", O_RDONLY) = -1 ENOENT (No such file or
directory)
open("/usr/lib/mymodule.a", O_RDONLY) = -1 ENOENT (No such file or directory)
open("/lib/x86_64-linux-gnu/tls/x86_64/mymodule.a", O_RDONLY) = -1 ENOENT (No
such file or directory)
open("/lib/x86_64-linux-gnu/tls/mymodule.a", O_RDONLY) = -1 ENOENT (No such
file or directory)
open("/lib/x86_64-linux-gnu/x86_64/mymodule.a", O_RDONLY) = -1 ENOENT (No such
file or directory)
open("/lib/x86_64-linux-gnu/mymodule.a", O_RDONLY) = -1 ENOENT (No such file or
directory)
open("/usr/lib/x86_64-linux-gnu/tls/x86_64/mymodule.a", O_RDONLY) = -1 ENOENT
(No such file or directory)
open("/usr/lib/x86_64-linux-gnu/tls/mymodule.a", O_RDONLY) = -1 ENOENT (No such
file or directory)
open("/usr/lib/x86_64-linux-gnu/x86_64/mymodule.a", O_RDONLY) = -1 ENOENT (No
such file or directory)
open("/usr/lib/x86_64-linux-gnu/mymodule.a", O_RDONLY) = -1 ENOENT (No such
file or directory)
Bob
--
Bob Friesenhahn
address@hidden, http://www.simplesystems.org/users/bfriesen/
GraphicsMagick Maintainer, http://www.GraphicsMagick.org/
dlopenext-test.tar.gz
Description: Binary data
- Re: libltdl is inefficient and a security hazard, Bob Friesenhahn, 2009/11/04
- Re: libltdl is inefficient and a security hazard,
Bob Friesenhahn <=
- Re: libltdl is inefficient and a security hazard, Bob Friesenhahn, 2009/11/05
- Re: libltdl is inefficient and a security hazard, Peter O'Gorman, 2009/11/05
- Re: libltdl is inefficient and a security hazard, Bob Friesenhahn, 2009/11/05
- Re: libltdl is inefficient and a security hazard, Bob Friesenhahn, 2009/11/05
- Re: libltdl is inefficient and a security hazard, Bob Friesenhahn, 2009/11/05
- Re: libltdl is inefficient and a security hazard, Peter O'Gorman, 2009/11/05
- Re: libltdl is inefficient and a security hazard, Bob Friesenhahn, 2009/11/05