
List:       oss-security
Subject:    Re: [oss-security] Fixing the glibc runtime linker
From:       John Haxby <john.haxby () oracle ! com>
Date:       2015-02-25 12:36:02
Message-ID: 54EDC1B2.9000602 () oracle ! com

On 19/02/15 22:19, Tim Brown wrote:
> What's the fix?
> 
> More often than not, the underlying issue is an empty element 
> within the DT_RPATH header or equivalent. Sometimes it's not, but 
> even in those cases, it is largely that one or more elements isn't 
> qualified (i.e. it doesn't start with /). The attached patch fixes 
> this, by ignoring any elements of DT_RPATH, LD_LIBRARY_PATH that
> do not start with a /, and/or junking any use of dlopen where the 
> filename is likewise unqualified.

What about things like -Wl,-rpath=/tmp ?

That one is particularly egregious and, as Casper mentioned, there are
other ways of getting stupid RPATHs.  I've seen a fair number of them :)

Would it be useful to check to see if an rpath directory is not
writable by someone other than the uid/euid?  Of course, it does
nothing for an RPATH that goes over NFS.

The Fedora packaging guidelines forbid the use of rpath completely
which is beginning to look more and more attractive.

jch


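The check suggested in this message, combined with the leading-slash rule from the quoted patch description, as an added example (not code from the thread or from glibc). The names check_rpath_element and audit_rpath are hypothetical, and treating root as a trusted owner alongside the caller's uid/euid is an assumption.

```c
#define _POSIX_C_SOURCE 200809L
#include <stdio.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

enum rpath_verdict { RPATH_OK, RPATH_EMPTY, RPATH_UNQUALIFIED,
                     RPATH_UNCHECKABLE, RPATH_WRITABLE_BY_OTHERS };

/* Classify one search-path element. Hypothetical helper, not glibc code. */
enum rpath_verdict check_rpath_element(const char *elem)
{
    struct stat st;
    if (elem == NULL || elem[0] == '\0')
        return RPATH_EMPTY;        /* glibc treats this as the current dir */
    if (elem[0] != '/')
        return RPATH_UNQUALIFIED;  /* "$ORIGIN/..." elements also land here */
    if (stat(elem, &st) != 0 || !S_ISDIR(st.st_mode))
        return RPATH_UNCHECKABLE;  /* missing, or not a directory */
    /* Assumption: root and the caller's uid/euid are the trusted owners. */
    if (st.st_uid != 0 && st.st_uid != getuid() && st.st_uid != geteuid())
        return RPATH_WRITABLE_BY_OTHERS;
    if (st.st_mode & (S_IWGRP | S_IWOTH))  /* e.g. /tmp, mode 1777 */
        return RPATH_WRITABLE_BY_OTHERS;
    return RPATH_OK;               /* only the leaf directory was checked */
}

/* Walk a colon-separated list; return how many elements are not RPATH_OK. */
int audit_rpath(const char *rpath)
{
    int bad = 0;
    char elem[4096];
    for (const char *p = rpath;; ) {
        size_t n = strcspn(p, ":");
        enum rpath_verdict v = RPATH_UNCHECKABLE;  /* over-long element */
        if (n < sizeof elem) {
            memcpy(elem, p, n);
            elem[n] = '\0';
            v = check_rpath_element(elem);
        }
        if (v != RPATH_OK) {
            printf("flagged \"%.*s\" (verdict %d)\n", (int)n, p, (int)v);
            bad++;
        }
        if (p[n] == '\0')
            return bad;
        p += n + 1;
    }
}
```

As the message points out, a local permission check like this says nothing about an RPATH that goes over NFS; the sketch also inspects only the final directory, not its parents.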