From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <ldv@altlinux.org>
Date: Sun, 17 Oct 2010 13:27:26 +0400
From: "Dmitry V. Levin" <ldv@altlinux.org>
To: ALT Devel discussion list <devel@lists.altlinux.org>
Message-ID: <20101017092726.GA7358@altlinux.org>
Mail-Followup-To: ALT Devel discussion list <devel@lists.altlinux.org>
References: <bug-24333-28@http.bugzilla.altlinux.org/>
	<201010161658.19585.lav@altlinux.ru>
	<20101016131706.GA15537@altlinux.org>
	<201010171252.32476.lav@altlinux.ru>
Mime-Version: 1.0
Content-Type: multipart/signed; micalg=pgp-sha1;
	protocol="application/pgp-signature"; boundary="huq684BweRXVnRxX"
Content-Disposition: inline
In-Reply-To: <201010171252.32476.lav@altlinux.ru>
X-fingerprint: FE4C 93AB E19A 2E4C CB5D  3E4E 7CAB E6AC 9E35 361E
Subject: Re: [devel] [Bug 24333] CVE-2010-3385: insecure library loading
X-BeenThere: devel@lists.altlinux.org
X-Mailman-Version: 2.1.12
Precedence: list
Reply-To: ALT Linux Team development discussions <devel@lists.altlinux.org>
List-Id: ALT Linux Team development discussions <devel.lists.altlinux.org>
List-Unsubscribe: <https://lists.altlinux.org/mailman/options/devel>,
	<mailto:devel-request@lists.altlinux.org?subject=unsubscribe>
List-Archive: <http://lists.altlinux.org/pipermail/devel>
List-Post: <mailto:devel@lists.altlinux.org>
List-Help: <mailto:devel-request@lists.altlinux.org?subject=help>
List-Subscribe: <https://lists.altlinux.org/mailman/listinfo/devel>,
	<mailto:devel-request@lists.altlinux.org?subject=subscribe>
X-List-Received-Date: Sun, 17 Oct 2010 09:27:26 -0000
Archived-At: <http://lore.altlinux.org/devel/20101017092726.GA7358@altlinux.org/>
List-Archive: <http://lore.altlinux.org/devel/>
List-Post: <mailto:devel@altlinux.org>


--huq684BweRXVnRxX
Content-Type: text/plain; charset=koi8-r
Content-Disposition: inline
Content-Transfer-Encoding: quoted-printable

On Sun, Oct 17, 2010 at 12:52:32PM +0400, Vitaly Lipatov wrote:
> =F7 =D3=CF=CF=C2=DD=C5=CE=C9=C9 =CF=D4 =F3=D5=C2=C2=CF=D4=C1 16 =CF=CB=D4=
=D1=C2=D2=D1 2010 Dmitry V. Levin =CE=C1=D0=C9=D3=C1=CC(a):
> ...
> > > =F4=C1=CB =C1 =D7=D3=A3-=D4=C1=CB=C9, =D5 =CE=C1=D3 =C5=D3=D4=D8 =DC=
=D4=C1 =D0=D2=CF=C2=CC=C5=CD=C1 CVE-2010-3385, =C9=CC=C9 =CE=C5=D4?
> >=20
> > =E5=D3=D4=D8, =CB=CF=CE=C5=DE=CE=CF, =C9 =D2=C5=DB=C1=D4=D8 =C5=A3 =D0=
=CF =D0=D2=C5=D6=CE=C5=CD=D5 =CE=C1=C4=CF =D7 =D0=D2=C9=CC=CF=D6=C5=CE=C9=
=D1=C8, =CB=CF=D4=CF=D2=D9=C5
> > =C6=CF=D2=CD=C9=D2=D5=C0=D4 LD_LIBRARY_PATH.
> =E1 =D0=CF=DE=C5=CD=D5, =CB=CF=C7=C4=C1 =D7 PATH =C2=D9=CC ./ =D0=CF =D5=
=CD=CF=CC=DE=C1=CE=C9=C0, =CD=D9 =D5=C2=D2=C1=CC=C9 =C5=C7=CF =C9=DA PATH, =
=C1 =CB=CF=C7=C4=C1 =D4=CF=20
> =D6=C5 =D3=C1=CD=CF=C5 =C4=C5=CC=C1=C5=D4 ld, =CD=D9 =D0=D2=C1=D7=C9=CD L=
D_LIBRARY_PATH?

ld.so =CE=C5 =C9=C7=CE=CF=D2=C9=D2=D5=C5=D4 =DC=CC=C5=CD=C5=CE=D4=D9 PATH, =
=CF=D0=D2=C5=C4=C5=CC=A3=CE=CE=D9=C5 =D0=CF=CC=D8=DA=CF=D7=C1=D4=C5=CC=C5=
=CD,
=C1 LD_LIBRARY_PATH =D0=CF =D5=CD=CF=CC=DE=C1=CE=C9=C0 =D7=CF=CF=C2=DD=C5 =
=CF=D4=D3=D5=D4=D3=D4=D7=D5=C5=D4.

> =E9 =CE=C5 =CE=C1=C4=CF =CC=C9 =D3=CF=DA=C4=C1=D4=D8 =D3=CB=D2=C9=D0=D4 =
=D4=C9=D0=C1=20
> . /sbin/add_to_ld_library_path NEW_PATH

=F7=CD=C5=D3=D4=CF =D0=C5=D2=C5=CD=C5=CE=CE=CF=CA LD_LIBRARY_PATH =CC=D5=DE=
=DB=C5 =D3=CF=C2=C9=D2=C1=D4=D8 ELF=D9 =D3 RPATH.


--=20
ldv

--huq684BweRXVnRxX
Content-Type: application/pgp-signature
Content-Disposition: inline

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)

iEYEARECAAYFAky6wX4ACgkQfKvmrJ41Nh7sHQCfbQozLIElLsPYWe+iNQgie8BN
cH0AoMECGYSQDZaM13OGXnfT1EQnfqWl
=Jr/A
-----END PGP SIGNATURE-----

--huq684BweRXVnRxX--