[prev in list] [next in list] [prev in thread] [next in thread]
List: oss-security
Subject: Re: [oss-security] RFC: changing the behaviour of ld.so(8) regarding empty items on LD_LIBRARY_PATH
From: Tim Brown <timb () nth-dimension ! org ! uk>
Date: 2010-09-29 6:08:10
Message-ID: 201009290708.13843.timb () nth-dimension ! org ! uk
[Download RAW message or body]
On Wednesday 29 September 2010 00:42:05 Raphael Geissert wrote:
> Hi everyone,
>
> I have talked to one of the eglibc Debian maintainers about making ld.so
> ignore empty items on LD_LIBRARY_PATH instead of treating them as '.', and
> he doesn't have any objection.
>
> Although this is a behaviour change, I do not think there is any real case
> where an empty item was added in purpose (I even have yet to see one that
> uses '.'.)
> We are therefore considering making this change starting with our next
> stable release.
>
> What do the others think about it? do you think you would follow that
> change too?
>
> This change has been proposed by some people multiple times along the
> years, yet nothing has changed (not even properly discussed, I believe.)
> Has this change ever been proposed to glibc upstream? (maybe the RedHat
> people can help with this.)
>
>
> There is a similar issue with $PATH, but we have no plans for it so far
> (execvp(8) claims ":/bin:/usr/bin" is the default if $PATH is unset, in
> some setups.)
You have my vote, I proposed the very same on oss-security a couple of weeks
back (http://www.openwall.com/lists/oss-security/2010/08/29/4). I'm actually
working on a paper about exploiting the linker at the moment (seems many
people don't fully understand it), I'll be more than happy to share it when
it's complete.
Tim
--
Tim Brown
<mailto:timb@nth-dimension.org.uk>
<http://www.nth-dimension.org.uk/>
["signature.asc" (application/pgp-signature)]
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic