Bug 214081

Summary: [SECURITY] Searches '.' for .la files
Product: [Fedora] Fedora
Component: libtool
Version: 6
Hardware: All
OS: Linux
Status: CLOSED RAWHIDE
Severity: urgent
Priority: urgent
Keywords: Security
Reporter: Enrico Scholz <rh-bugzilla>
Assignee: Karsten Hopp <karsten>
CC: redhat-bugzilla, wtogami
Target Milestone: ---
Target Release: ---
Doc Type: Bug Fix
Last Closed: 2007-01-23 16:36:05 UTC

Description Enrico Scholz 2006-11-05 15:40:12 UTC
[This bug is similar but NOT identical to bug #209930 (which was caused by a
misconfiguration of the buildsystem)]

Description of problem:

Applications which are using libltdl are searching '.' for .la files. This can
be used by an attacker to execute arbitrary code.

The 'victim.c' example from bug #209930 shows:

| # strace victim
| open("foo.la", O_RDONLY)                = -1 ENOENT (No such file or directory)


Version-Release number of selected component (if applicable):

libtool-ltdl-1.5.22-6.1.i386.rpm
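
Added check (not part of this bug report and not libtool's own code): a small POSIX shell filter that reads strace output and prints every .la path that the traced program opened relative to the current directory, which is exactly the lookup the strace line above shows. The trace lines in SAMPLE_TRACE are constructed for this example, and the function names relative_la_opens and check_trace are made up here. It only detects the cwd lookup; it does not reproduce the code-execution step.

```sh
# Constructed strace excerpt (not taken from the bug report). It mixes
# absolute .la lookups, which are fine, with cwd-relative ones, which are
# the behaviour this bug is about.
SAMPLE_TRACE='open("/etc/ld.so.cache", O_RDONLY)         = 3
open("/usr/lib/libfoo.la", O_RDONLY)         = -1 ENOENT (No such file or directory)
open("foo.la", O_RDONLY)                     = -1 ENOENT (No such file or directory)
openat(AT_FDCWD, "bar.la", O_RDONLY)         = 4
open("./baz.la", O_RDONLY)                   = 5'

# Read strace output (open/openat calls) on stdin and print the path of every
# .la file that was opened with a relative name, i.e. resolved against cwd.
# Absolute paths are dropped; nothing is printed when no relative lookup exists.
relative_la_opens() {
    sed -n 's/^.*open\(at\)\{0,1\}([^"]*"\([^"]*\.la\)".*$/\2/p' | grep -v '^/' || true
}

# Return 0 when the trace on stdin contains no cwd-relative .la lookups,
# 1 otherwise (the offending paths are reported on stderr).
check_trace() {
    hits=$(relative_la_opens)
    if [ -n "$hits" ]; then
        printf 'cwd-relative .la lookups found:\n%s\n' "$hits" >&2
        return 1
    fi
    return 0
}

# Demonstration on the constructed sample: prints foo.la, bar.la and ./baz.la.
printf '%s\n' "$SAMPLE_TRACE" | relative_la_opens
```

Against a real binary, run it as `strace -f -e trace=open,openat ./victim 2>&1 | relative_la_opens`: each line printed is a .la file name that a process with write access to the working directory could supply.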

Comment 1 Karsten Hopp 2007-01-23 16:36:05 UTC
I've disabled this 'feature' in Rawhide