On Mon, 4 Sep 2000, Arthur Korn wrote: > Syslogd uses dlopen() to load the modules, thus ld.so has to > find the library for syslogd.
Nope. An absolute path passed to dlopen() will work and cause the least security problems (on many systems, a group of users has wirte access to /usr/local/lib because they need to install software there. As /usr/local should be searched before /usr and / for libraries and executables, it would be possible to exchange syslog modules, which is probably not what you want. I know that these users shouldn't be installing software then either, but it still is a security consideration). > o Running ldconfig -n /lib/msyslog > For some reason this did not work here, even though it > should if I understand ldconfig(8) right. ldconfig is an anachronism (from the a.out days) that should die with the last a.out executable. > Can anybody please tell me what I should do? I would use -rpath, but > as I said I think there was some document telling not to do so for > whatever reason. Patch the source to use the full path in dlopen(). Actually upstream should have done this IMO. Simon -- PGP public key available from http://phobos.fs.tum.de/pgp/Simon.Richter.asc Fingerprint: 10 62 F6 F5 C0 5D 9E D8 47 05 1B 8A 22 E5 4E C1 Hi! I'm a .signature virus! Copy me into your ~/.signature to help me spread!
