Re: Portable OpenSSH: Dangerous AIX linker behavior (aixgcc.adv)

[Damien Miller <djm () mindrot org>]

Valdis.Kletnieks () vt edu wrote:
> On Wed, 30 Apr 2003 13:39:49 +1000, Damien Miller <djm () mindrot org>  said:
>
> > 1. Systems affected:
> >
> > 	Users of Portable OpenSSH prior to 3.6.1p2 on AIX are affected 
> > 	if OpenSSH was compiled using a non-AIX compiler (e.g. gcc).
>
>
> This is the same problem as I spotted in Sendmail 8.10.  Basically,
> somewhere, linking is being done with "-L. -lfoo" or similar (in sendmail's
> case, it was -L../otherdir type stuff).
>
> Workaround/fix:  Link with "-bnolibpath -blibpath:/usr/local/lib:/usr/lib"
> or similar.

This is what we have done for a long time, but those options only work 
when using xlc as the linker, with gcc you need to specify different 
options.

3.6.1p2 specifies these options correctly, but it illustrates the deeper 
problem: the default is insecure and you need to add workarounds for 
each additional interface to the linker.

I wouldn't be suprised if this affected binaries built with libtool or 
other wrappers, though I haven't checked (we don't use them).

-d