[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Plugins: proper way to change ld.so search path for a single binary

On Mon, 4 Sep 2000, Arthur Korn wrote:

> Syslogd uses dlopen() to load the modules, thus ld.so has to
> find the library for syslogd.

Nope. An absolute path passed to dlopen() will work and cause the least
security problems (on many systems, a group of users has wirte access to
/usr/local/lib because they need to install software there. As /usr/local
should be searched before /usr and / for libraries and executables, it
would be possible to exchange syslog modules, which is probably not what
you want. I know that these users shouldn't be installing software then
either, but it still is a security consideration).

> o Running ldconfig -n /lib/msyslog
>     For some reason this did not work here, even though it
>     should if I understand ldconfig(8) right.

ldconfig is an anachronism (from the a.out days) that should die with the
last a.out executable.

> Can anybody please tell me what I should do? I would use -rpath, but
> as I said I think there was some document telling not to do so for
> whatever reason.

Patch the source to use the full path in dlopen(). Actually upstream
should have done this IMO.


PGP public key available from http://phobos.fs.tum.de/pgp/Simon.Richter.asc
 Fingerprint: 10 62 F6 F5 C0 5D 9E D8  47 05 1B 8A 22 E5 4E C1
Hi! I'm a .signature virus! Copy me into your ~/.signature to help me spread!

Reply to: