214081 – [SECURITY] Searches '.' for .la files

Bug 214081 - [SECURITY] Searches '.' for .la files

Summary: [SECURITY] Searches '.' for .la files

Keywords:
Status:	CLOSED RAWHIDE
Alias:	None
Product:	Fedora
Classification:	Fedora
Component:	libtool
Sub Component:
Version:	6
Hardware:	All
OS:	Linux
Priority:	urgent
Severity:	urgent
Target Milestone:	---
Assignee:	Karsten Hopp
QA Contact:
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2006-11-05 15:40 UTC by Enrico Scholz
Modified:	2007-11-30 22:11 UTC (History)
CC List:	2 users (show)
Fixed In Version:
Doc Type:	Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed:	2007-01-23 16:36:05 UTC
Type:	---
Embargoed:
Dependent Products:

Attachments	(Terms of Use)

Description Enrico Scholz 2006-11-05 15:40:12 UTC

[This bug is similar but NOT identical to bug #209930 (which was caused by a
misconfiguration of the buildsystem)]

Description of problem:

Applications which are using libltdl are searching '.' for .la files. This can
used by an attacker to execute arbitrary code.

The 'victim.c' example from bug #209930 shows:

| # strace victim
| open("foo.la", O_RDONLY)                = -1 ENOENT (No such file or directory)


Version-Release number of selected component (if applicable):

libtool-ltdl-1.5.22-6.1.i386.rpm

Comment 1 Karsten Hopp 2007-01-23 16:36:05 UTC

I've disabled this 'feature' in Rawhide

Note You need to log in before you can comment on or make changes to this bug.