Bug#48544: libc6: search path for shared libraries includes current directory

28 Oct 1999 14:40:25 -0000 

severity 48544 normal
thanks

At 23:33 -0700 1999-10-27, Zack Weinberg wrote: 
I have marked this bug critical because it may be a catastrophic security
hole.  If the dynamic linker does not exhibit the behavior I describe below
for set-id binaries, then feel free to downgrade it.

I do not have any LD_* environment variables set, but for certain binaries
(such as perl) the dynamic linker scans the current directory and several
nonexistent subdirs of the current directory for shared libraries BEFORE it
checks /lib, /usr/lib, and the paths set in ld.so.conf.  I suspect that
this is a bug in the processor-specific library support.


This looks to be a problem caused by perl apparently having a RPATH of 
nothing.

From objdump -p /usr/bin/perl:

[...]
Dynamic Section:
  NEEDED      libnsl.so.1
  NEEDED      libdb.so.3
  NEEDED      libgdbm.so.1
  NEEDED      libdl.so.2
  NEEDED      libm.so.6
  NEEDED      libc.so.6
  NEEDED      libcrypt.so.1
  RPATH
[...]

% strace -eopen /lib/ld-2.1.2.so --inhibit-rpath '' /usr/bin/perl -e 'exit 0'
open("/usr/bin/perl", O_RDONLY) = 3
open("/etc/ld.so.preload", O_RDONLY) = -1 ENOENT (No such file or directory)
open("/etc/ld.so.cache", O_RDONLY) = 3
open("/lib/libnsl.so.1", O_RDONLY) = 3
open("/lib/libdb.so.3", O_RDONLY) = 3
open("/usr/lib/libgdbm.so.1", O_RDONLY) = 3
open("/lib/libdl.so.2", O_RDONLY) = 3
open("/lib/libm.so.6", O_RDONLY) = 3
open("/lib/libc.so.6", O_RDONLY) = 3
open("/lib/libcrypt.so.1", O_RDONLY) = 3
open("/usr/share/locale/locale.alias", O_RDONLY) = 3
open("/usr/share/i18n/locale.alias", O_RDONLY) = -1 ENOENT (No such file or directory)
open("/usr/share/locale/en_US/LC_MESSAGES", O_RDONLY) = 3
open("/usr/share/locale/en_US/LC_MESSAGES/SYS_LC_MESSAGES", O_RDONLY) = 3
open("/usr/share/locale/en_US/LC_MONETARY", O_RDONLY) = 3
open("/usr/share/locale/en_US/LC_COLLATE", O_RDONLY) = 3
open("/usr/share/locale/en_US/LC_TIME", O_RDONLY) = 3
open("/usr/share/locale/en_US/LC_NUMERIC", O_RDONLY) = 3
open("/usr/share/locale/en_US/LC_CTYPE", O_RDONLY) = 3
open("/usr/lib/gconv/gconv-modules", O_RDONLY) = 3
open("/usr/lib/gconv/ISO8859-1.so", O_RDONLY) = 3
open("/dev/null", O_RDONLY) = 3

--
Joel Klecker (aka Espy)                    Debian GNU/Linux Developer
<URL:mailto:[EMAIL PROTECTED]>                 <URL:mailto:[EMAIL PROTECTED]>
<URL:http://web.espy.org/>               <URL:http://www.debian.org/>

Reply via email to