[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: libltdl is inefficient and a security hazard
|
From: |
Bob Friesenhahn |
|
Subject: |
Re: libltdl is inefficient and a security hazard |
|
Date: |
Thu, 5 Nov 2009 12:37:18 -0600 (CST) |
|
User-agent: |
Alpine 2.01 (GSO 1266 2009-07-14) |
Under OS-X Leopard, I see that a directory under my home directory
("/Users/bfriesen/lib/") gets searched when loading a module. This
does not seem very secure since an ordinary user can write to this
directory and put an exploit there. I am not immediately seeing a
reason for this:
% sudo dtruss ./ltdlopentest ./mymodule.la 2>&1 | grep mymodule.a
stat("mymodule.a\0", 0xBFFFD920, 0xBFFFF3D8) = -1 Err#2
stat("/Users/bfriesen/lib/mymodule.a\0", 0xBFFFE140, 0xBFFFF3D8)
= -1 Err#2
stat("/usr/local/lib/mymodule.a\0", 0xBFFFE150, 0xBFFFF3D8) = -1
Err#2
stat("/usr/lib/mymodule.a\0", 0xBFFFE150, 0xBFFFF3D8) = -1 Err#2
Do other OS-X Leopard users see something similar?
Bob
--
Bob Friesenhahn
address@hidden, http://www.simplesystems.org/users/bfriesen/
GraphicsMagick Maintainer, http://www.GraphicsMagick.org/
- Re: libltdl is inefficient and a security hazard, Bob Friesenhahn, 2009/11/04
- Re: libltdl is inefficient and a security hazard, Bob Friesenhahn, 2009/11/05
- Re: libltdl is inefficient and a security hazard,
Bob Friesenhahn <=
- Re: libltdl is inefficient and a security hazard, Peter O'Gorman, 2009/11/05
- Re: libltdl is inefficient and a security hazard, Bob Friesenhahn, 2009/11/05
- Re: libltdl is inefficient and a security hazard, Bob Friesenhahn, 2009/11/05
- Re: libltdl is inefficient and a security hazard, Bob Friesenhahn, 2009/11/05
- Re: libltdl is inefficient and a security hazard, Peter O'Gorman, 2009/11/05
- Re: libltdl is inefficient and a security hazard, Bob Friesenhahn, 2009/11/05