https://bugs.wireshark.org/bugzilla/show_bug.cgi?id=5133
Jeff Morriss <jeff.morriss.ws@xxxxxxxxx> changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |jeff.morriss.ws@xxxxxxxxx
--- Comment #4 from Jeff Morriss <jeff.morriss.ws@xxxxxxxxx> 2010-08-24 13:34:52 PDT ---
(In reply to comment #1)
> Should this be platform All/All? The paper at
>
> http://www.cs.ucdavis.edu/research/tech-reports/2010/CSE-2010-2.pdf
>
> notes that UN*Xes are vulnerable to this as well.
I didn't read the whole paper yet, but I thought modern library loaded
consisted of searching:
1) directories we told the loader to search when we compile it (with "-R" on
Solaris and "-Wl,-rpath" on Linux, don't know about others)
2) directories the sysadmin set up (at least on Linux, with /etc/ld.so.conf)
3) directories the user specified with LD_LIBRARY_PATH (and other similar
variables)
It seems that the Trickle vulnerability had to do with some funny LD_PRELOAD
stuff where they were explicitly looking for the library in the pwd:
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=513456
Just doing a quick test (with an installed Wireshark):
% strace -f -o strace.out /usr/sbin/wireshark
% egrep 'open.*lib' strace.out | grep -v "open.\"/usr" | grep -v "open.\"/lib"
yielded no attempts by Wireshark to read a library from anywhere other than
"safe" places.
--
Configure bugmail: https://bugs.wireshark.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.