oss-sec mailing list archives
Re: Breaking the links: Exploiting the linker
From: Tomas Hoger <thoger () redhat com>
Date: Wed, 15 Dec 2010 10:45:31 +0100
On Wed, 15 Dec 2010 02:14:20 +0000 Tim Brown wrote:
In the interests of a thorough peer review I'd be curious what people think of the following paper I've been working on Linux and POSIX linkers: http://www.nth-dimension.org.uk/downloads.php?id=77
Any specific reason for recommending:
LD_LIBRARY_PATH="${LD_LIBRARY_PATH:-/path/to/app/lib}"
as a fix for:
LD_LIBRARY_PATH=$LD_LIBRARY_PATH:/path/to/app/lib
issue in 1.3.2? It does not do the same thing the right way:
$ LD_LIBRARY_PATH= ; LD_LIBRARY_PATH=${LD_LIBRARY_PATH:-/path/to/app} ; echo $LD_LIBRARY_PATH
/path/to/app
$ LD_LIBRARY_PATH=/foo ; LD_LIBRARY_PATH=${LD_LIBRARY_PATH:-/path/to/app} ; echo $LD_LIBRARY_PATH
/foo
Maybe you want to suggest something like this instead:
LD_LIBRARY_PATH=${LD_LIBRARY_PATH:+$LD_LIBRARY_PATH:}/path/to/app
--
Tomas Hoger / Red Hat Security Response Team
Current thread:
- Breaking the links: Exploiting the linker Tim Brown (Dec 14)
- Re: Breaking the links: Exploiting the linker Tomas Hoger (Dec 15)
- Re: Breaking the links: Exploiting the linker Justin Ossevoort (Dec 15)
- Re: Breaking the links: Exploiting the linker Tim Brown (Dec 16)
- Re: Breaking the links: Exploiting the linker Ralf Wildenhues (Dec 16)
- Re: Re: Breaking the links: Exploiting the linker Tim Brown (Dec 16)
- Re: Breaking the links: Exploiting the linker Jamie Nguyen (Dec 22)
- Re: Re: Breaking the links: Exploiting the linker Tim Brown (Dec 22)
- Re: Breaking the links: Exploiting the linker Jamie Nguyen (Dec 22)
- Re: Re: Breaking the links: Exploiting the linker Tim Brown (Dec 22)
- Re: Breaking the links: Exploiting the linker Tomas Hoger (Dec 15)