Bugtraq mailing list archives

Re: Portable OpenSSH: Dangerous AIX linker behavior (aixgcc.adv)

From: Darren Tucker <dtucker () zip com au>
Date: Thu, 01 May 2003 11:48:23 +1000

Valdis.Kletnieks () vt edu wrote:

On Wed, 30 Apr 2003 13:39:49 +1000, Damien Miller <djm () mindrot org>  said:

1. Systems affected:

      Users of Portable OpenSSH prior to 3.6.1p2 on AIX are affected
      if OpenSSH was compiled using a non-AIX compiler (e.g. gcc).


This is the same problem as I spotted in Sendmail 8.10.  Basically,
somewhere, linking is being done with "-L. -lfoo" or similar (in sendmail's
case, it was -L../otherdir type stuff).


Yes, and your sendmail advisory was one of the sources of information I
used when preparing the fix.

Workaround/fix:  Link with "-bnolibpath -blibpath:/usr/local/lib:/usr/lib"
or similar.


OpenSSH already specified -blibpath *EXCEPT* when CC=gcc (thus, binaries
compiled with xlc were safe).  GCC doesn't understand -blibpath.

Configure now tries using -blibpath, -Wl,-blibpath and -Wl,-rpath (for
xlc, GCC + native ld and GCC + GNU ld respectively).  If none of these
work it will abort.

-- 
Darren Tucker (dtucker at zip.com.au)
GPG Fingerprint D9A3 86E9 7EEE AF4B B2D4  37C9 C982 80C7 8FF4 FA69
    Good judgement comes with experience. Unfortunately, the experience
usually comes from bad judgement.

Current thread:

Re: Portable OpenSSH: Dangerous AIX linker behavior (aixgcc.adv) Darren Tucker (May 01)
- <Possible follow-ups>
- Re: Portable OpenSSH: Dangerous AIX linker behavior (aixgcc.adv) Dan Harkless (May 01)
- Re: Portable OpenSSH: Dangerous AIX linker behavior (aixgcc.adv) Darren Tucker (May 01)
- Re: Portable OpenSSH: Dangerous AIX linker behavior (aixgcc.adv) Damien Miller (May 01)
- Re: Portable OpenSSH: Dangerous AIX linker behavior (aixgcc.adv) Shiva Persaud (May 01)