Bug#48544: libc6: search path for shared libraries includes current directory
severity 48544 normal
thanks
At 23:33 -0700 1999-10-27, Zack Weinberg wrote:
I have marked this bug critical because it may be a catastrophic security
hole. If the dynamic linker does not exhibit the behavior I describe below
for set-id binaries, then feel free to downgrade it.
I do not have any LD_* environment variables set, but for certain binaries
(such as perl) the dynamic linker scans the current directory and several
nonexistent subdirs of the current directory for shared libraries BEFORE it
checks /lib, /usr/lib, and the paths set in ld.so.conf. I suspect that
this is a bug in the processor-specific library support.
This looks to be a problem caused by perl apparently having a RPATH of nothing.
From objdump -p /usr/bin/perl:
[...]
Dynamic Section:
NEEDED libnsl.so.1
NEEDED libdb.so.3
NEEDED libgdbm.so.1
NEEDED libdl.so.2
NEEDED libm.so.6
NEEDED libc.so.6
NEEDED libcrypt.so.1
RPATH
[...]
% strace -eopen /lib/ld-2.1.2.so --inhibit-rpath '' /usr/bin/perl -e 'exit 0'
open("/usr/bin/perl", O_RDONLY) = 3
open("/etc/ld.so.preload", O_RDONLY) = -1 ENOENT (No such file or directory)
open("/etc/ld.so.cache", O_RDONLY) = 3
open("/lib/libnsl.so.1", O_RDONLY) = 3
open("/lib/libdb.so.3", O_RDONLY) = 3
open("/usr/lib/libgdbm.so.1", O_RDONLY) = 3
open("/lib/libdl.so.2", O_RDONLY) = 3
open("/lib/libm.so.6", O_RDONLY) = 3
open("/lib/libc.so.6", O_RDONLY) = 3
open("/lib/libcrypt.so.1", O_RDONLY) = 3
open("/usr/share/locale/locale.alias", O_RDONLY) = 3
open("/usr/share/i18n/locale.alias", O_RDONLY) = -1 ENOENT (No such
file or directory)
open("/usr/share/locale/en_US/LC_MESSAGES", O_RDONLY) = 3
open("/usr/share/locale/en_US/LC_MESSAGES/SYS_LC_MESSAGES", O_RDONLY) = 3
open("/usr/share/locale/en_US/LC_MONETARY", O_RDONLY) = 3
open("/usr/share/locale/en_US/LC_COLLATE", O_RDONLY) = 3
open("/usr/share/locale/en_US/LC_TIME", O_RDONLY) = 3
open("/usr/share/locale/en_US/LC_NUMERIC", O_RDONLY) = 3
open("/usr/share/locale/en_US/LC_CTYPE", O_RDONLY) = 3
open("/usr/lib/gconv/gconv-modules", O_RDONLY) = 3
open("/usr/lib/gconv/ISO8859-1.so", O_RDONLY) = 3
open("/dev/null", O_RDONLY) = 3
--
Joel Klecker (aka Espy) Debian GNU/Linux Developer
<URL:mailto:jk@espy.org> <URL:mailto:espy@debian.org>
<URL:http://web.espy.org/> <URL:http://www.debian.org/>
Reply to: