Hello,
as far as I remember the /usr/bin/crle command wasn't part of standard Solaris at least prior to Solaris 8 (I don't have Solaris 8 at hand to check for that), but only in Trusted Solaris versions.
Instead Solaris supports some environment variables which are valuable in this context:
- LD_LIBRARY_PATH - LD_RUN_PATH
The former is to be set at runtime in order to tell the dynamic loader where to search for the shared libraries a program needs for running (this variable is mentioned in the Solaris man-page for "ld" together with the "-L" option).
The latter can be used instead of the "-R" option of "ld", but when you both set that environment variable and use the "-R" option the option has precedence (see the "ld" man-page for details).
My personal preference is to use LD_LIBRARY_PATH since this gives me the possibility to move a shared library to another place in the filesystem without need to relink the application (as is the case e.g. with HP-UX).
The disadvantage of doing so is that it's possible (in a rather easy way) to build a trojan horse (a shared library with the same name but placed in a private directory and doing unwanted things when called from any application) and to let the application use that wrong library simply by setting LD_LIBRARY_PATH accordingly.
The most problematic aspects for this are with setuid-root programs which (fortunately) do not use LD_LIBRARY_PATH due to that security flaw, but a lot of other applications might be a problem in regard to security aspects.
In placing all shared libs into directories where only administrators might write to and using either /usr/bin/crle (if available) or "-R" when linking applications using shared libraries you might prevent someone from fooling you with such a trojan horse. As far as I know that was the reason for introducing /usr/bin/crle in Trusted Solaris.
Johannes
Dave Shield schrieb:
Bruce> ld.so.1: ./snmpd: fatal: libcrypto.so.0.9.7: open failed: Bruce> No such file or directory.
Thomas> Use /usr/bin/clre on Solaris 8 (and higher) to add /usr/local/ssl/lib Thomas> to the loader search patch for *all* applications, or put Thomas> "-R/usr/local/ssl/lib" into LDFLAGS at net-snmp compile time.
This probably needs to be mentioned in the README.solaris file. Would one of you like to suggest an appropriate phrasing....
Dave
-------------------------------------------------------
This SF.Net email sponsored by Black Hat Briefings & Training.
Attend Black Hat Briefings & Training, Las Vegas July 24-29 - digital self defense, top technical experts, no vendor pitches, unmatched networking opportunities. Visit www.blackhat.com
_______________________________________________
Net-snmp-coders mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/net-snmp-coders
-- Johannes Schmidt-Fischer
InterFace AG phone +49 (0)89 / 610 49 - 207 Leipziger Str. 16 fax +49 (0)89 / 610 49 - 85 D-82008 Unterhaching mobile +49 (0)171/ 787 76 01 http://www.InterFace-AG.com mailto:[EMAIL PROTECTED]
-------------------------------------------------------
This SF.Net email sponsored by Black Hat Briefings & Training.
Attend Black Hat Briefings & Training, Las Vegas July 24-29 - digital self defense, top technical experts, no vendor pitches, unmatched networking opportunities. Visit www.blackhat.com
_______________________________________________
Net-snmp-coders mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/net-snmp-coders
