[14332] in bugtraq
Re: Unexpected and dangerous AIX 4.X linker behavior
daemon@ATHENA.MIT.EDU (Dan Harkless)
Fri Mar 17 09:41:17 2000
Message-Id: <200003160056.QAA20098@dilvish.speed.net>
Date: Wed, 15 Mar 2000 16:56:36 -0800
Reply-To: Dan Harkless <dan-bugtraq@DILVISH.SPEED.NET>
From: Dan Harkless <dan-bugtraq@DILVISH.SPEED.NET>
X-To: BUGTRAQ@SECURITYFOCUS.COM
To: BUGTRAQ@SECURITYFOCUS.COM
In-Reply-To: Message from Gregory Neil Shapiro <gshapiro@SENDMAIL.ORG> of
"Tue, 14 Mar 2000 12:12:05 PST."
<14542.40213.145836.794455@horsey.gshapiro.net>
Gregory Neil Shapiro <gshapiro@SENDMAIL.ORG> writes:
> Valdis Kletnieks of Virginia Tech alerted the Sendmail Consortium to a
> potentially dangerous side-effect of the AIX 4.X linker. Unlike most other
> linkers, the AIX linker uses the paths specified at compile time for the
> program's shared library search path at run time. Therefore, AIX
> compilations which use the -L flag with the AIX linker must use extra
> precautions to prevent security problems.

I just did some testing and the problem is not limited to IBM's native
linker. Executables linked using my copy of GNU ld:

    % /usr/local/bin/ld -v
    GNU ld version 2.9.1 (with BFD 2.9.1)

exhibit the same vulnerability. It would seem the GNU ld authors
intentionally emulated the harmful behavior of /usr/ccs/bin/ld.

> Most other systems do not use paths specified using the -L option into the
> runtime search path. For example, on Solaris you would use -R for this,
> for gcc you would use -rpath, and so forth, thus avoiding this problem.
> (However, gcc on SunOS 4 _does_ have the problem if you don't use -rpath,
> at least according to the man page.)

Um, I don't believe -rpath is a gcc option. It's a GNU ld option, analogous
to IBM ld's -blibpath option.

> Workaround
> ----------
>
> Programs in this situation should begin using the '-blibpath' option when
> using the AIX linker. This option states that only the specified library
> directories should be used at run time for library paths. For example:
>
> /usr/bin/xlc -blibpath:/usr/lib:/lib:/usr/local/lib

If using gcc and GNU ld, that'd be:

    gcc -Wl,-rpath /usr/lib -Wl,-rpath /lib -Wl,-rpath /usr/local/lib

----------------------------------------------------------------------
Dan Harkless | To prevent SPAM contamination, please
dan-bugtraq@dilvish.speed.net | do not mention this private email
SpeedGate Communications, Inc. | address in Usenet posts. Thank you.
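
Added example, not part of the message above or of any project's code: a POSIX shell check that audits a colon-separated run-time library search path, such as the one a linker records from -L, -blibpath or -rpath, and flags every entry outside a trusted set. The function names, the TRUSTED list (taken from the -blibpath example in the thread) and the sample path are assumptions made for illustration; how the path string is read out of a binary is left to the platform's own tools.

```shell
#!/bin/sh
# Directories allowed in a run-time library search path (assumed policy,
# mirroring the -blibpath example quoted in the thread).
TRUSTED="/usr/lib /lib /usr/local/lib"

# classify_entry DIR
# Prints one verdict for a single search-path entry:
#   empty     - zero-length entry; treated as unsafe here on the assumption
#               that a loader may resolve it as the current directory
#   relative  - resolved against whatever directory the program runs from
#   untrusted - absolute, but not in TRUSTED (e.g. a leftover build directory)
#   trusted   - absolute and listed in TRUSTED
classify_entry() {
    case "$1" in
        "") echo empty; return 0 ;;
        /*) ;;
        *)  echo relative; return 0 ;;
    esac
    for t in $TRUSTED; do
        if [ "$1" = "$t" ]; then
            echo trusted
            return 0
        fi
    done
    echo untrusted
}

# audit_libpath PATHSTRING
# Prints "verdict<TAB>entry" for every entry that is not trusted.
# Returns 0 when the whole path is clean, 1 when anything was flagged.
audit_libpath() {
    rc=0
    rest="$1:"                 # sentinel colon so the last entry is processed
    while [ -n "$rest" ]; do
        entry=${rest%%:*}      # text before the first colon
        rest=${rest#*:}        # remainder after the first colon
        verdict=$(classify_entry "$entry")
        if [ "$verdict" != trusted ]; then
            printf '%s\t%s\n' "$verdict" "$entry"
            rc=1
        fi
    done
    return $rc
}

# Constructed sample: a path as it might look when -L build directories
# were recorded for run-time use.
SAMPLE="../obj/lib:/tmp/build/lib:/usr/lib:/lib"
audit_libpath "$SAMPLE" || echo "search path needs review: $SAMPLE"
```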