Home / vulnerabilities libtool-ltdl.txt
Posted on 16 October 2006
Link
Hello,
Fedora Core 5 ships the libtool-ltdl library which is used to load
dynamic modules. This package seems to be built with some strange setup
causing a search path of
| $ strings /usr/lib/libltdl.so
| /lib:/usr/lib:hwcap:0:nosegneg:/usr/lib/mysql:/usr/lib/mysql:/usr/lib/mysql:/usr/lib/qt-3.3/lib
Effect is, that dynamic libraries are searched in three relative paths
('hwcap', '0' and 'nosegneg') and loaded from there:
| $ echo 'int main() { lt_dlinit(); lt_dlopenext("foo"); }' > foo.c
| $ gcc foo.c -lltdl
| # strace ./a.out
| open("/lib/foo.la", O_RDONLY) = -1 ENOENT (No such file or directory)
| open("/usr/lib/foo.la", O_RDONLY) = -1 ENOENT (No such file or directory)
| open("hwcap/foo.la", O_RDONLY) = -1 ENOENT (No such file or directory)
| open("0/foo.la", O_RDONLY) = -1 ENOENT (No such file or directory)
| open("nosegneg/foo.la", O_RDONLY) = 3
| ...
| open("/tmp/test/bin/nosegneg/foo.so", O_RDONLY) = 3
Mentioned paths are used also in /usr/bin/libtool:
| $ grep nosegneg /usr/bin/libtool
| sys_lib_dlsearch_path_spec="/lib /usr/lib hwcap 0 nosegneg /usr/lib/mysql /usr/lib/mysql /usr/lib/mysql /usr/lib/qt-3.3/lib "
but effect is unknown.
Impact:
low till medium
Affected:
Fedora Core 5 Updates (libtool-ltdl-1.5.22-2.3)
Not Affected:
Fedora Core 5 (libtool-ltdl-1.5.22-2.2)
Fedora Core Devel
Vendor was notified at 2006-10-08
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=209930
Enrico
