I have compiled and installed OpenSSH 1.2.3 under AIX 4.3.3.
The call to configure was:
CFLAGS="-I/client/include -L/usr/ruf/lib" \
./configure --with-egd-pool=/dev/urandom \
--with-afs=/usr/afsws \
--with-kerberos4=/client \
--with-tcp-wrappers \
--with-pid-dir=/etc \
--sysconfdir=/etc \
--with-ipv4-default \
--prefix=/sw/rs_aix433/openssh-1.2.3
The resultant makefile has the line:
LDFLAGS=-L. -L/usr/local/lib -L/client/lib
As a consequence a dot (the current directory) appears in the PATH of the Loader
Section of ssh at the first place! That means that a local user may replace the
shared libraries libc.a, libnsl.a and libz.a by his own versions and manipulate
the system as root, because ssh is installed suid root.
H.G.Borrmann
._________________________________________________________________________.
|H.G.Borrmann |Tel.: (0761) 203-4652 |
|Rechenzentrum der Universitaet Freiburg|Fax: (0761) 203-4643 |
|Hermann-Herder-Str. 10 |email: |
|D79104 FREIBURG |borrmann at ruf.uni-freiburg.de |
|_________________________________________________________________________|

On Tue, 11 Apr 2000, H.G.Borrmann wrote:

> The resultant makefile has the line:
>
> LDFLAGS=-L. -L/usr/local/lib -L/client/lib
>
> As a consequence a dot (the current directory) appears in the PATH of the Loader Section of ssh at the
> first place! That means that a local user may replace the shared libraries libc.a, libnsl.a and libz.a by his own
> versions and manipulate the system as root, because ssh is installed suid root.

Openssh 1.2.3 has some configure trickery to prevent this particular
braindamage. It should set the -blibpath option to the linker
specifying an explicit library search path.

I would be interested to see why this isn't happening.

-d

--
| "Bombay is 250ms from New York in the new world order" - Alan Cox
| Damien Miller - http://www.mindrot.org/
| Email: djm at mindrot.org (home) -or- djm at ibs.com.au (work)

Hello,

> Openssh 1.2.3 has some configure trickery to prevent this particular
> braindamage. It should set the -blibpath option to the linker
> specifying an explicit library search path.
>
> I would be interested to see why this isn't happening.

I attach the output from make. Perhaps this helps a little bit further.

H.G.Borrmann

-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/octet-stream
Size: 24267 bytes
Desc: log
Url : http://lists.mindrot.org/pipermail/openssh-unix-dev/attachments/20000412/b1cd23bb/attachment.obj
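
A build-time check for the problem discussed in this thread, as an added example that is not part of the original messages or of OpenSSH's configure script. It assumes the AIX linker records the -L directories, followed by /usr/lib:/lib, as the loader-section search path unless -blibpath is given; the function names and the "fixed" flag string are constructed for illustration.

```python
import shlex

# Assumption: AIX ld appends these to the -L directories when no -blibpath is set.
DEFAULT_TAIL = ["/usr/lib", "/lib"]

# LDFLAGS line quoted in the first message of the thread.
PAGE_LDFLAGS = "-L. -L/usr/local/lib -L/client/lib"
# Constructed example of the same flags with an explicit search path added.
FIXED_LDFLAGS = PAGE_LDFLAGS + " -Wl,-blibpath:/usr/lib:/lib:/usr/local/lib:/client/lib"


def loader_libpath(ldflags):
    """Model the run-time library search path the linker would record."""
    explicit = None
    dirs = []
    for tok in shlex.split(ldflags):
        # Linker options may be passed through the compiler as -Wl,opt1,opt2
        opts = tok[4:].split(",") if tok.startswith("-Wl,") else [tok]
        for opt in opts:
            if opt.startswith("-blibpath:"):
                # An explicit path replaces anything derived from -L.
                explicit = opt[len("-blibpath:"):].split(":")
            elif opt.startswith("-L") and len(opt) > 2:
                dirs.append(opt[2:])
    return explicit if explicit is not None else dirs + DEFAULT_TAIL


def unsafe_entries(libpath):
    """Entries a setuid binary must not search: '.', empty, or any relative path."""
    return [entry for entry in libpath if not entry.startswith("/")]


if __name__ == "__main__":
    for flags in (PAGE_LDFLAGS, FIXED_LDFLAGS):
        path = loader_libpath(flags)
        bad = unsafe_entries(path)
        print(":".join(path), "->", "UNSAFE %r" % bad if bad else "ok")
```

On an installed binary, the recorded path can be read from the loader header with `dump -H` on AIX and passed to `unsafe_entries` after splitting on colons.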