Re: libltdl is inefficient and a security hazard
From: Bob Friesenhahn
Subject: Re: libltdl is inefficient and a security hazard
Date: Thu, 5 Nov 2009 17:18:32 -0600 (CST)
User-agent: Alpine 2.01 (GSO 1266 2009-07-14)
How does one open a CERT advisory?
Notice that the first thing that libltdl does (again a test under OS X
Leopard) is attempt to dynamically load mymodule.a from whatever
happens to be the current directory:
% sudo dtruss ./ltdlopentest /Users/bfriesen/src/graphics/test-progs/mymodule.la 2>&1 | grep 'mymodule\.'
plugin failed to open:
dlopen(/Users/bfriesen/src/graphics/test-progs/mymodule.so, 9): image not found
open_nocancel("/Users/bfriesen/src/graphics/test-progs/mymodule.la\0", 0x0, 0x1B6) = 3 0
stat("mymodule.a\0", 0xBFFFD8C0, 0xBFFFF378) = -1 Err#2
stat("/Users/bfriesen/lib/mymodule.a\0", 0xBFFFE0E0, 0xBFFFF378) = -1 Err#2
stat("/usr/local/lib/mymodule.a\0", 0xBFFFE0F0, 0xBFFFF378) = -1 Err#2
stat("/usr/lib/mymodule.a\0", 0xBFFFE0F0, 0xBFFFF378) = -1 Err#2
stat("/Users/bfriesen/src/graphics/test-progs/mymodule.so\0", 0xBFFFD860, 0xBFFFF318) = -1 Err#2
stat("/Users/bfriesen/lib/mymodule.so\0", 0xBFFFE080, 0xBFFFF318) = -1 Err#2
stat("/usr/local/lib/mymodule.so\0", 0xBFFFE090, 0xBFFFF318) = -1 Err#2
stat("/usr/lib/mymodule.so\0", 0xBFFFE090, 0xBFFFF318) = -1 Err#2
stat("/Users/bfriesen/src/graphics/test-progs/mymodule.so\0", 0xBFFFD860, 0xBFFFF318) = -1 Err#2
stat("/Users/bfriesen/lib/mymodule.so\0", 0xBFFFE080, 0xBFFFF318) = -1 Err#2
stat("/usr/local/lib/mymodule.so\0", 0xBFFFE090, 0xBFFFF318) = -1 Err#2
stat("/usr/lib/mymodule.so\0", 0xBFFFE090, 0xBFFFF318) = -1 Err#2
Am I missing something obvious? Why do I feel like no one is taking
this security issue seriously at all? I first notified that libltdl
was wrongly dlopening() with a bare archive file name on October 25th
(and included system call traces from a number of systems) and it is
November 5th already.
Bob
--
Bob Friesenhahn
address@hidden, http://www.simplesystems.org/users/bfriesen/
GraphicsMagick Maintainer, http://www.GraphicsMagick.org/
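
A check for the behaviour shown in the trace above, as an added example that is not part of the original message: it scans dtruss-style output for path syscalls given a non-absolute path, which the kernel resolves against the current working directory. The function name, the syscall set and the embedded sample (lines from the trace with mail wrapping rejoined) are assumptions of this example.

```python
import re

# Path-taking syscalls; a non-absolute first argument is resolved against
# the process's current working directory. (Set chosen for this example.)
PATH_SYSCALLS = {"stat", "stat64", "lstat", "lstat64", "open", "open_nocancel", "access"}

# dtruss line shape as seen in the trace: name("path\0", ...) = ret err
LINE_RE = re.compile(r'^\s*(?P<name>\w+)\("(?P<path>[^"]*)"[^)]*\)\s*=\s*(?P<ret>-?\d+)')

# Sample input: lines from the trace above with mail wrapping rejoined.
SAMPLE_TRACE = r'''
open_nocancel("/Users/bfriesen/src/graphics/test-progs/mymodule.la\0", 0x0, 0x1B6) = 3 0
stat("mymodule.a\0", 0xBFFFD8C0, 0xBFFFF378) = -1 Err#2
stat("/Users/bfriesen/lib/mymodule.a\0", 0xBFFFE0E0, 0xBFFFF378) = -1 Err#2
stat("/usr/local/lib/mymodule.a\0", 0xBFFFE0F0, 0xBFFFF378) = -1 Err#2
stat("/usr/lib/mymodule.a\0", 0xBFFFE0F0, 0xBFFFF378) = -1 Err#2
'''

def relative_path_probes(trace_text):
    """Return one finding per path syscall whose path is not absolute."""
    findings = []
    for line in trace_text.splitlines():
        m = LINE_RE.match(line)
        if not m or m.group("name") not in PATH_SYSCALLS:
            continue
        path = m.group("path")
        if path.endswith("\\0"):      # dtruss prints the terminating NUL as \0
            path = path[:-2]
        if path and not path.startswith("/"):
            findings.append({
                "syscall": m.group("name"),
                "path": path,
                # ret >= 0 means a file in the current directory answered the probe
                "found": int(m.group("ret")) >= 0,
            })
    return findings

if __name__ == "__main__":
    for f in relative_path_probes(SAMPLE_TRACE):
        state = "FOUND in cwd" if f["found"] else "not present"
        print(f'{f["syscall"]}: relative path {f["path"]!r} ({state})')
```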