Advanced
Mailing List Archive

Mailing List Archive

  1. Home >
  2. OpenSSH>
  3. Dev
LDFLAGS of the Makefile
borrmann at ibm1
Apr 11, 2000, 5:43 AM
Post #1 of 4 (960 views)
Permalink
I have compiled and installed OpenSSH 1.2.3 under AIX 4.3.3.
The call to configure was:

CFLAGS="-I/client/include -L/usr/ruf/lib" \
./configure --with-egd-pool=/dev/urandom \
--with-afs=/usr/afsws \
--with-kerberos4=/client \
--with-tcp-wrappers \
--with-pid-dir=/etc \
--sysconfdir=/etc \
--with-ipv4-default \
--prefix=/sw/rs_aix433/openssh-1.2.3

The resultant makefile has the line:

LDFLAGS=-L. -L/usr/local/lib -L/client/lib

As a consequence a dot (the current directory) appears in the PATH of the Loader Section of ssh at the
first place! That mean that a local user my replace the shared libraries libc.a, libnsl.a and libz.a by his own
versions and manipulate the system as root, because ssh is installed suid root.

H.G.Borrmann
._________________________________________________________________________.
|H.G.Borrmann |Tel.: (0761) 203-4652 |
|Rechenzentrum der Universitaet Freiburg|Fax: (0761) 203-4643 |
|Hermann-Herder-Str. 10 |email: |
|D79104 FREIBURG |borrmann@ruf.uni-freiburg.de |
|_________________________________________________________________________|
Re: LDFLAGS of the Makefile [ In reply to ]
djm at mindrot
Apr 11, 2000, 3:23 PM
Post #2 of 4 (946 views)
Permalink
On Tue, 11 Apr 2000, H.G.Borrmann wrote:


> The resultant makefile has the line:
>
> LDFLAGS=-L. -L/usr/local/lib -L/client/lib
>
> As a consequence a dot (the current directory) appears in the PATH of the Loader Section of ssh at the
> first place! That mean that a local user my replace the shared libraries libc.a, libnsl.a and libz.a by his own
> versions and manipulate the system as root, because ssh is installed suid root.

Openssh 1.2.3 has some configure trickery to prevent this particular
braindamage. It should set the -blibpath option to the linker
specifying an explicit library search path.

I would be interested to see why this isn't happening.

-d

--
| "Bombay is 250ms from New York in the new world order" - Alan Cox
| Damien Miller - http://www.mindrot.org/
| Email: djm@mindrot.org (home) -or- djm@ibs.com.au (work)
Re: LDFLAGS of the Makefile [ In reply to ]
borrmann at ibm1
Apr 12, 2000, 6:16 AM
Post #3 of 4 (978 views)
Permalink
Hello,

>
> Openssh 1.2.3 has some configure trickery to prevent this particular
> braindamage. It should set the -blibpath option to the linker
> specifying an explicit library search path.
>
> I would be interested to see why this isn't happening.
>

I attach the output from make. Perhaps this hleps a little bit farther.

H.G.Borrmann
._________________________________________________________________________.
|H.G.Borrmann |Tel.: (0761) 203-4652 |
|Rechenzentrum der Universitaet Freiburg|Fax: (0761) 203-4643 |
|Hermann-Herder-Str. 10 |email: |
|D79104 FREIBURG |borrmann@ruf.uni-freiburg.de |
|_________________________________________________________________________|
Re: LDFLAGS of the Makefile [ In reply to ]
djm at mindrot
Apr 12, 2000, 6:26 AM
Post #4 of 4 (948 views)
Permalink
On Wed, 12 Apr 2000, H.G.Borrmann wrote:

> Hello,
>
> >
> > Openssh 1.2.3 has some configure trickery to prevent this particular
> > braindamage. It should set the -blibpath option to the linker
> > specifying an explicit library search path.
> >
> > I would be interested to see why this isn't happening.
>
> I attach the output from make. Perhaps this hleps a little bit
> farther.

You are using gcc as your linker. What other linkers are available on
your system? xld?

Can you verify if executables linked with gcc exhibit the runtime
linking bug?

-d

--
| "Bombay is 250ms from New York in the new world order" - Alan Cox
| Damien Miller - http://www.mindrot.org/
| Email: djm@mindrot.org (home) -or- djm@ibs.com.au (work)

©2024 GT.net. A Gossamer Threads company.
5th Floor, 455 Granville St., Vancouver, BC V6C 1T1, Canada | Legal