Bugtraq mailing list archives
Re: Portable OpenSSH: Dangerous AIX linker behavior (aixgcc.adv)
From: Darren Tucker <dtucker () zip com au>
Date: Thu, 01 May 2003 11:48:23 +1000
Valdis.Kletnieks () vt edu wrote:
On Wed, 30 Apr 2003 13:39:49 +1000, Damien Miller <djm () mindrot org> said:1. Systems affected: Users of Portable OpenSSH prior to 3.6.1p2 on AIX are affected if OpenSSH was compiled using a non-AIX compiler (e.g. gcc).This is the same problem as I spotted in Sendmail 8.10. Basically, somewhere, linking is being done with "-L. -lfoo" or similar (in sendmail's case, it was -L../otherdir type stuff).
Yes, and your sendmail advisory was one of the sources of information I used when preparing the fix.
Workaround/fix: Link with "-bnolibpath -blibpath:/usr/local/lib:/usr/lib" or similar.
OpenSSH already specified -blibpath *EXCEPT* when CC=gcc (thus, binaries compiled with xlc were safe). GCC doesn't understand -blibpath. Configure now tries using -blibpath, -Wl,-blibpath and -Wl,-rpath (for xlc, GCC + native ld and GCC + GNU ld respectively). If none of these work it will abort. -- Darren Tucker (dtucker at zip.com.au) GPG Fingerprint D9A3 86E9 7EEE AF4B B2D4 37C9 C982 80C7 8FF4 FA69 Good judgement comes with experience. Unfortunately, the experience usually comes from bad judgement.
Current thread:
- Re: Portable OpenSSH: Dangerous AIX linker behavior (aixgcc.adv) Darren Tucker (May 01)
- <Possible follow-ups>
- Re: Portable OpenSSH: Dangerous AIX linker behavior (aixgcc.adv) Dan Harkless (May 01)
- Re: Portable OpenSSH: Dangerous AIX linker behavior (aixgcc.adv) Darren Tucker (May 01)
- Re: Portable OpenSSH: Dangerous AIX linker behavior (aixgcc.adv) Damien Miller (May 01)
- Re: Portable OpenSSH: Dangerous AIX linker behavior (aixgcc.adv) Shiva Persaud (May 01)