OpenSSH 2.1.1 has a completely insecure libpath if compiled with gcc under AIX
H.G.Borrmann
borrmann at uni-freiburg.de
Fri Jun 16 21:46:03 EST 2000
The subject says it. Openssh 2.1.1p1 still has the same insecure
LIBPATH if compiled under AIX with gcc, e.g.
dump -H ssh
ssh:
***Loader Section***
Loader Header Information
VERSION# #SYMtableENT #RELOCent LENidSTR
0x00000001 0x000000aa 0x00001a28 0x0000008e
#IMPfilID OFFidSTR LENstrTBL OFFstrTBL
0x00000004 0x000149f0 0x0000026d 0x00014a7e
***Import File Strings***
INDEX PATH BASE MEMBER
0
.:/usr/local/lib:/client/lib:/usr/local/lib/gcc-lib/powerpc-ibm-aix4.3.1.0/2.95.2:/usr/lib:/lib
1 libc.a shr.o
2 libnsl.a shr.o
3 libz.a shr.o
As I wrote earlier as a circumvention it is possible to edit the
makefiler and add an appropriate -Xlinker option, e.g. "-Xlinker
-blibpath:/usr/ruf/lib:/usr/lib:/lib" to the LDFLAGS.
I had hoped that this problem is resolved in the new OpenSSH 2.1.1p
port.
H.G.Borrmann
._________________________________________________________________________.
|H.G.Borrmann |Tel.: (0761)
203-4652 |
|Rechenzentrum der Universitaet Freiburg|Fax: (0761)
203-4643 |
|Hermann-Herder-Str. 10
|email: |
|D79104 FREIBURG
|borrmann at ruf.uni-freiburg.de |
|_________________________________________________________________________|
More information about the openssh-unix-dev
mailing list