lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list] 
Date: Tue, 10 Oct 2006 20:57:23 +0200
From: Enrico Scholz <enrico.scholz@...ormatik.tu-chemnitz.de>
To: bugtraq@...urityfocus.com
Subject: [Fedora] libtool-ltdl uses relative paths to resolve and load libraries

Hello,

Fedora Core 5 ships the libtool-ltdl library which is used to load
dynamic modules. This package seems to be built with some strange setup
causing a search path of

| $ strings /usr/lib/libltdl.so
| /lib:/usr/lib:hwcap:0:nosegneg:/usr/lib/mysql:/usr/lib/mysql:/usr/lib/mysql:/usr/lib/qt-3.3/lib

Effect is, that dynamic libraries are searched in three relative paths
('hwcap', '0' and 'nosegneg') and loaded from there:

| $ echo 'int main() { lt_dlinit(); lt_dlopenext("foo"); }' > foo.c
| $ gcc foo.c -lltdl
| # strace ./a.out 
| open("/lib/foo.la", O_RDONLY)           = -1 ENOENT (No such file or directory)
| open("/usr/lib/foo.la", O_RDONLY)       = -1 ENOENT (No such file or directory)
| open("hwcap/foo.la", O_RDONLY)          = -1 ENOENT (No such file or directory)
| open("0/foo.la", O_RDONLY)              = -1 ENOENT (No such file or directory)
| open("nosegneg/foo.la", O_RDONLY)       = 3
| ...
| open("/tmp/test/bin/nosegneg/foo.so", O_RDONLY) = 3


Mentioned paths are used also in /usr/bin/libtool:

| $ grep nosegneg /usr/bin/libtool
| sys_lib_dlsearch_path_spec="/lib /usr/lib hwcap 0 nosegneg /usr/lib/mysql /usr/lib/mysql /usr/lib/mysql /usr/lib/qt-3.3/lib "

but effect is unknown.



Impact:
   low till medium

Affected:
   Fedora Core 5 Updates (libtool-ltdl-1.5.22-2.3)

Not Affected:
   Fedora Core 5 (libtool-ltdl-1.5.22-2.2)
   Fedora Core Devel

Vendor was notified at 2006-10-08
   https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=209930




Enrico

Content of type "application/pgp-signature" skipped

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ