|
|
BugTraq
Portable OpenSSH: Dangerous AIX linker behavior (aixgcc.adv) Apr 30 2003 03:39AM Damien Miller (djm mindrot org) (2 replies) Re: Portable OpenSSH: Dangerous AIX linker behavior (aixgcc.adv) Apr 30 2003 06:09PM Valdis Kletnieks vt edu (3 replies) Re: Portable OpenSSH: Dangerous AIX linker behavior (aixgcc.adv) May 01 2003 11:25AM Dan Harkless (bugtraq harkless org) Re: Portable OpenSSH: Dangerous AIX linker behavior (aixgcc.adv) Apr 30 2003 11:26PM Damien Miller (djm mindrot org) Re: Portable OpenSSH: Dangerous AIX linker behavior (aixgcc.adv) Apr 30 2003 08:29AM Darren Tucker (dtucker zip com au) |
|
Privacy Statement |
> On Wed, 30 Apr 2003 13:39:49 +1000, Damien Miller <djm (at) mindrot (dot) org [email concealed]> said:
> > 1. Systems affected:
> >
> > Users of Portable OpenSSH prior to 3.6.1p2 on AIX are affected
> > if OpenSSH was compiled using a non-AIX compiler (e.g. gcc).
>
> This is the same problem as I spotted in Sendmail 8.10. Basically,
> somewhere, linking is being done with "-L. -lfoo" or similar (in sendmail's
> case, it was -L../otherdir type stuff).
Yes, and your sendmail advisory was one of the sources of information I
used when preparing the fix.
> Workaround/fix: Link with "-bnolibpath -blibpath:/usr/local/lib:/usr/lib"
> or similar.
OpenSSH already specified -blibpath *EXCEPT* when CC=gcc (thus, binaries
compiled with xlc were safe). GCC doesn't understand -blibpath.
Configure now tries using -blibpath, -Wl,-blibpath and -Wl,-rpath (for
xlc, GCC + native ld and GCC + GNU ld respectively). If none of these
work it will abort.
--
Darren Tucker (dtucker at zip.com.au)
GPG Fingerprint D9A3 86E9 7EEE AF4B B2D4 37C9 C982 80C7 8FF4 FA69
Good judgement comes with experience. Unfortunately, the experience
usually comes from bad judgement.
[ reply ]