I have compiled and installed OpenSSH 1.2.3 under AIX 4.3.3. The call to
configure was:

    CFLAGS="-I/client/include -L/usr/ruf/lib" \
    ./configure --with-egd-pool=/dev/urandom \
        --with-afs=/usr/afsws \
        --with-kerberos4=/client \
        --with-tcp-wrappers \
        --with-pid-dir=/etc \
        --sysconfdir=/etc \
        --with-ipv4-default \
        --prefix=/sw/rs_aix433/openssh-1.2.3

The resultant makefile has the line:

    LDFLAGS=-L. -L/usr/local/lib -L/client/lib

As a consequence a dot (the current directory) appears in the PATH of the
Loader Section of ssh at the first place! That means that a local user may
replace the shared libraries libc.a, libnsl.a and libz.a by his own versions
and manipulate the system as root, because ssh is installed suid root.

H.G.Borrmann

._________________________________________________________________________.
|H.G.Borrmann                           |Tel.: (0761) 203-4652            |
|Rechenzentrum der Universitaet Freiburg|Fax: (0761) 203-4643             |
|Hermann-Herder-Str. 10                 |email:                           |
|D79104 FREIBURG                        |borrmann at ruf.uni-freiburg.de  |
|_________________________________________________________________________|

On Tue, 11 Apr 2000, H.G.Borrmann wrote:

> The resultant makefile has the line:
>
> LDFLAGS=-L. -L/usr/local/lib -L/client/lib
>
> As a consequence a dot (the current directory) appears in the PATH of the Loader Section of ssh at the
> first place! That means that a local user may replace the shared libraries libc.a, libnsl.a and libz.a by his own
> versions and manipulate the system as root, because ssh is installed suid root.

OpenSSH 1.2.3 has some configure trickery to prevent this particular
braindamage. It should set the -blibpath option to the linker
specifying an explicit library search path.

I would be interested to see why this isn't happening.

-d

--
| "Bombay is 250ms from New York in the new world order" - Alan Cox
| Damien Miller - http://www.mindrot.org/
| Email: djm at mindrot.org (home) -or- djm at ibs.com.au (work)

Hello,

>
> OpenSSH 1.2.3 has some configure trickery to prevent this particular
> braindamage. It should set the -blibpath option to the linker
> specifying an explicit library search path.
>
> I would be interested to see why this isn't happening.
>

I attach the output from make. Perhaps this helps a little bit further.

H.G.Borrmann

._________________________________________________________________________.
|H.G.Borrmann                           |Tel.: (0761) 203-4652            |
|Rechenzentrum der Universitaet Freiburg|Fax: (0761) 203-4643             |
|Hermann-Herder-Str. 10                 |email:                           |
|D79104 FREIBURG                        |borrmann at ruf.uni-freiburg.de  |
|_________________________________________________________________________|

-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/octet-stream
Size: 24267 bytes
Desc: log
Url : http://lists.mindrot.org/pipermail/openssh-unix-dev/attachments/20000412/b1cd23bb/attachment.obj
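
Added example, not part of the original thread and not OpenSSH's configure code: a build-time check that works out which run-time library search path a set of LDFLAGS would leave in the binary and flags every entry that is not an absolute directory. It assumes a simplified model of the AIX linker (without -blibpath, the -L directories in order followed by /usr/lib:/lib); the function names and the second sample line are made up for illustration.

```python
import shlex

# Assumption (simplified model of AIX ld): without -blibpath, the recorded
# run-time path is the -L directories in order, then these defaults.
AIX_DEFAULT_DIRS = ["/usr/lib", "/lib"]


def linker_tokens(ldflags):
    """Split an LDFLAGS string, unpacking compiler-driver -Wl,a,b groups."""
    for tok in shlex.split(ldflags):
        if tok.startswith("-Wl,"):
            yield from (t for t in tok[4:].split(",") if t)
        else:
            yield tok


def embedded_libpath(ldflags):
    """Return the library search path the link would record, as a list."""
    dirs, explicit = [], None
    toks = linker_tokens(ldflags)
    for tok in toks:
        if tok.startswith("-blibpath:"):
            # An explicit path replaces whatever the -L options would add.
            explicit = tok[len("-blibpath:"):].split(":")
        elif tok == "-L":
            dirs.append(next(toks, ""))  # "-L dir" written as two words
        elif tok.startswith("-L"):
            dirs.append(tok[2:])
    return explicit if explicit is not None else dirs + AIX_DEFAULT_DIRS


def unsafe_entries(libpath):
    """Entries that are not absolute, so they depend on the caller's cwd."""
    return [(i, d) for i, d in enumerate(libpath) if not d.startswith("/")]


if __name__ == "__main__":
    samples = {
        "makefile line from the report": "-L. -L/usr/local/lib -L/client/lib",
        "constructed: explicit path": "-L. -Wl,-blibpath:/usr/lib:/lib",
    }
    for label, flags in samples.items():
        path = embedded_libpath(flags)
        print(label, ":".join(path), unsafe_entries(path) or "ok")
```

A check like this belongs in the build of any setuid program; it says nothing about whether the absolute directories that remain are writable by unprivileged users, which has to be verified separately.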