Bug#48544: libc6: search path for shared libraries includes current directory

To: Zack Weinberg <zack@bitmover.com>, 48544@bugs.debian.org
Cc: control@bugs.debian.org
Subject: Bug#48544: libc6: search path for shared libraries includes current directory
From: Joel Klecker <jk@espy.org>
Date: Thu, 28 Oct 1999 07:27:19 -0700
Message-id: <v04205502b43e0bb3cc30@[206.163.71.146]>
Reply-to: Joel Klecker <jk@espy.org>, 48544@bugs.debian.org
In-reply-to: <[🔎] 199910280633.XAA08996@zack.bitmover.com>
References: <[🔎] 199910280633.XAA08996@zack.bitmover.com>

severity 48544 normal
thanks

At 23:33 -0700 1999-10-27, Zack Weinberg wrote:

I have marked this bug critical because it may be a catastrophic security
hole.  If the dynamic linker does not exhibit the behavior I describe below
for set-id binaries, then feel free to downgrade it.

I do not have any LD_* environment variables set, but for certain binaries
(such as perl) the dynamic linker scans the current directory and several
nonexistent subdirs of the current directory for shared libraries BEFORE it
checks /lib, /usr/lib, and the paths set in ld.so.conf.  I suspect that
this is a bug in the processor-specific library support.


This looks to be a problem caused by perl apparently having a RPATH of nothing.

From objdump -p /usr/bin/perl:

[...]
Dynamic Section:
  NEEDED      libnsl.so.1
  NEEDED      libdb.so.3
  NEEDED      libgdbm.so.1
  NEEDED      libdl.so.2
  NEEDED      libm.so.6
  NEEDED      libc.so.6
  NEEDED      libcrypt.so.1
  RPATH
[...]

% strace -eopen /lib/ld-2.1.2.so --inhibit-rpath '' /usr/bin/perl -e 'exit 0'
open("/usr/bin/perl", O_RDONLY)         = 3
open("/etc/ld.so.preload", O_RDONLY)    = -1 ENOENT (No such file or directory)
open("/etc/ld.so.cache", O_RDONLY)      = 3
open("/lib/libnsl.so.1", O_RDONLY)      = 3
open("/lib/libdb.so.3", O_RDONLY)       = 3
open("/usr/lib/libgdbm.so.1", O_RDONLY) = 3
open("/lib/libdl.so.2", O_RDONLY)       = 3
open("/lib/libm.so.6", O_RDONLY)        = 3
open("/lib/libc.so.6", O_RDONLY)        = 3
open("/lib/libcrypt.so.1", O_RDONLY)    = 3
open("/usr/share/locale/locale.alias", O_RDONLY) = 3

open("/usr/share/i18n/locale.alias", O_RDONLY) = -1 ENOENT (No suchfile or directory)

open("/usr/share/locale/en_US/LC_MESSAGES", O_RDONLY) = 3
open("/usr/share/locale/en_US/LC_MESSAGES/SYS_LC_MESSAGES", O_RDONLY) = 3
open("/usr/share/locale/en_US/LC_MONETARY", O_RDONLY) = 3
open("/usr/share/locale/en_US/LC_COLLATE", O_RDONLY) = 3
open("/usr/share/locale/en_US/LC_TIME", O_RDONLY) = 3
open("/usr/share/locale/en_US/LC_NUMERIC", O_RDONLY) = 3
open("/usr/share/locale/en_US/LC_CTYPE", O_RDONLY) = 3
open("/usr/lib/gconv/gconv-modules", O_RDONLY) = 3
open("/usr/lib/gconv/ISO8859-1.so", O_RDONLY) = 3
open("/dev/null", O_RDONLY)             = 3

--
Joel Klecker (aka Espy)                    Debian GNU/Linux Developer
<URL:mailto:jk@espy.org>                 <URL:mailto:espy@debian.org>
<URL:http://web.espy.org/>               <URL:http://www.debian.org/>

Reply to:

Follow-Ups:
- Processed: Re: Bug#48544: libc6: search path for shared libraries includes current directory
  - From: owner@bugs.debian.org (Debian Bug Tracking System)

References:
- Bug#48544: libc6: search path for shared libraries includes current directory
  - From: Zack Weinberg <zack@bitmover.com>

Prev by Date: Processed: Re: Bug#48544: libc6: search path for shared libraries includes current directory
Next by Date: Bug#48476: latest libc6 breaks xemacs bootstrap
Previous by thread: Bug#48544: libc6: search path for shared libraries includes current directory
Next by thread: Processed: Re: Bug#48544: libc6: search path for shared libraries includes current directory
Index(es):
- Date
- Thread