UNIX "ld" command -- public libraries and security
edhall at Rand-Unix.ARPA
Wed Apr 11 11:36:00 AEST 1984
From: Ed_Hall <edhall at Rand-Unix.ARPA>
The order that library directories are searched under 4.1 UNIX is:
    /usr/lib/
    /lib/
    /usr/local/lib/
If a given library is found in a given directory, subsequent directories
will *not* be searched for that library. Thus there is no way for a
publicly-provided library to overcome system security unless a system
library required from /usr/lib/ or /lib/ is missing.
I must strongly advise against making /usr/local/ itself writable, as
this is in many people's path list for executables and thus provides
a perfect place for spoof command security attacks. But /usr/local/lib/
should be OK as long as no one has it in their search paths and no
program incorporating a library there is made publicly available
without checking both the program and the library for Trojan Horses.
-Ed Hall, Rand Corp.
edhall at rand-unix.ARPA
decvax!randvax!edhall.UUCP
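
An added example, not part of Ed Hall's message: a small shell audit that models the first-match search order given above and reports when a library would be taken from /usr/local/lib/ because /usr/lib/ and /lib/ lack it, the one case the message identifies as a risk. The `ROOT` prefix, the function names and the status words are assumptions made for this illustration, and libraries are assumed to follow the `libNAME.a` naming that `-lNAME` resolves to.

```shell
#!/bin/sh
# Added example: models the first-match library search described above.
# ROOT is a hypothetical prefix (empty = the live system) so the audit can
# also be pointed at a constructed test tree.
SEARCH_ORDER="/usr/lib /lib /usr/local/lib"   # order given in the message

# resolve_lib ROOT NAME: print the first libNAME.a in search order;
# later directories are never consulted once a match is found.
resolve_lib() {
    for dir in $SEARCH_ORDER; do
        if [ -f "$1$dir/lib$2.a" ]; then
            printf '%s\n' "$dir/lib$2.a"
            return 0
        fi
    done
    return 1
}

# other_writable PATH: true when the "other" write bit is set on PATH.
other_writable() {
    case $(ls -ld "$1" 2>/dev/null) in
        ????????w*) return 0 ;;
        *) return 1 ;;
    esac
}

# audit_lib ROOT NAME: print "<status> <path>" where status is
#   system           resolved from /usr/lib or /lib
#   public           resolved from /usr/local/lib (system copy absent)
#   public-writable  as above, and that directory is writable by others
#   missing          not found in any searched directory
audit_lib() {
    path=$(resolve_lib "$1" "$2") || { printf 'missing lib%s.a\n' "$2"; return 0; }
    case $path in
        /usr/local/lib/*)
            if other_writable "$1/usr/local/lib"; then
                printf 'public-writable %s\n' "$path"
            else
                printf 'public %s\n' "$path"
            fi ;;
        *) printf 'system %s\n' "$path" ;;
    esac
}

# Usage: ROOT=/some/tree sh audit.sh m c plot
for name in "$@"; do audit_lib "${ROOT:-}" "$name"; done
```

A `public` or `public-writable` result for a library that should ship with the system is the condition to investigate before linking anything that will be made available to other users.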