
List:       oss-security
Subject:    Re: [oss-security] RFC: changing the behaviour of ld.so(8) regarding empty items on LD_LIBRARY_PATH
From:       Tim Brown <timb () nth-dimension ! org ! uk>
Date:       2010-09-29 6:08:10
Message-ID: 201009290708.13843.timb () nth-dimension ! org ! uk


On Wednesday 29 September 2010 00:42:05 Raphael Geissert wrote:
> Hi everyone,
> 
> I have talked to one of the eglibc Debian maintainers about making ld.so
> ignore empty items on LD_LIBRARY_PATH instead of treating them as '.', and
> he doesn't have any objection.
> 
> Although this is a behaviour change, I do not think there is any real case
> where an empty item was added on purpose (I even have yet to see one that
> uses '.'.)
> We are therefore considering making this change starting with our next
> stable release.
> 
> What do the others think about it? Do you think you would follow that
> change too?
> 
> This change has been proposed by some people multiple times along the
> years, yet nothing has changed (not even properly discussed, I believe.)
> Has this change ever been proposed to glibc upstream? (maybe the RedHat
> people can help with this.)
> 
> 
> There is a similar issue with $PATH, but we have no plans for it so far
> (execvp(8) claims ":/bin:/usr/bin" is the default if $PATH is unset, in
> some setups.)

You have my vote, I proposed the very same on oss-security a couple of weeks 
back (http://www.openwall.com/lists/oss-security/2010/08/29/4).  I'm actually 
working on a paper about exploiting the linker at the moment (seems many 
people don't fully understand it), I'll be more than happy to share it when 
it's complete.

Tim
-- 
Tim Brown
<mailto:timb@nth-dimension.org.uk>
<http://www.nth-dimension.org.uk/>
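Added example, not part of either message: a POSIX sh check for the empty LD_LIBRARY_PATH items discussed above, which ld.so treats as '.' under the current behaviour. The function names and sample paths are hypothetical; the sample values are constructed.

```shell
# find_empty_items VALUE
# Prints the 1-based positions of empty items in a colon-separated search
# path (leading ':', trailing ':' or '::'). Prints nothing if there are none.
find_empty_items() {
    fe_rest=$1 fe_pos=1 fe_out=
    [ -z "$fe_rest" ] && return 0          # empty value: no items at all
    while :; do
        case $fe_rest in
            *:*) fe_item=${fe_rest%%:*}; fe_rest=${fe_rest#*:}; fe_more=1 ;;
            *)   fe_item=$fe_rest; fe_more=0 ;;
        esac
        [ -z "$fe_item" ] && fe_out="${fe_out:+$fe_out }$fe_pos"
        [ "$fe_more" -eq 0 ] && break
        fe_pos=$((fe_pos + 1))
    done
    [ -n "$fe_out" ] && printf '%s\n' "$fe_out"
    return 0
}

# drop_empty_items VALUE
# Prints VALUE with empty items removed, i.e. the search path that would
# remain if empty items were ignored as proposed in the thread.
drop_empty_items() {
    de_rest=$1 de_out=
    while [ -n "$de_rest" ]; do
        case $de_rest in
            *:*) de_item=${de_rest%%:*}; de_rest=${de_rest#*:} ;;
            *)   de_item=$de_rest; de_rest= ;;
        esac
        [ -n "$de_item" ] && de_out="${de_out:+$de_out:}$de_item"
    done
    printf '%s\n' "$de_out"
}

# Constructed sample: how an empty item usually appears. The variable being
# extended is empty, so the naive append leaves a trailing ':'.
demo_prev=
naive="/opt/app/lib:$demo_prev"                    # -> "/opt/app/lib:"
safe="/opt/app/lib${demo_prev:+:$demo_prev}"       # -> "/opt/app/lib"

printf 'naive=%s empty items at: %s\n' "$naive" "$(find_empty_items "$naive")"
printf 'safe=%s empty items at: %s\n' "$safe" "$(find_empty_items "$safe")"
printf 'naive with empty items dropped: %s\n' "$(drop_empty_items "$naive")"
```

The same check applies to $PATH, which the original message notes has a similar issue.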
