Simon Richter schrieb:
> On Mon, 4 Sep 2000, Arthur Korn wrote:
> > Syslogd uses dlopen() to load the modules, thus ld.so has to
> > find the library for syslogd.
>
> Nope. An absolute path passed to dlopen() will work and cause the least
> security problems (on many systems, a group of users has wirte access to
> /usr/local/lib because they need to install software there. As /usr/local
> should be searched before /usr and / for libraries and executables, it
> would be possible to exchange syslog modules, which is probably not what
> you want. I know that these users shouldn't be installing software then
> either, but it still is a security consideration).
Couldn't I just use -rpath for the same effect? AFAIK the -rpath
is searched before any other locations for the libs, and since
everything is lost anyway if somebody can manipulate the
/lib/msyslog/ directory, it doesn't matter that ld.so
theoretically would continue to search for the modules in the
other places.
BTW: I'd really like to know _why_ lintian considers rpath to be
'generally a bad thing'.
I forwarded your mail to the developers of msyslog (CORE-SDI)
and asked about theyer opinion on this.
> ldconfig is an anachronism (from the a.out days) that should die with the
> last a.out executable.
Oh, well, and how will you tell ld.so where to search for lib's
and make that symlinks without /etc/ld.so.conf and ldconfig?
> Patch the source to use the full path in dlopen(). Actually upstream
> should have done this IMO.
Regardless what I'll do in the end, upstream _will_ get a notice
and diffs from me, don't worry.
ciao, 2ri
--
They are really completely different things, so don't mix them up, but they
have a close relation to each other.
-- http://hurddocs.org/whatis/translator.html
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
