From ff4be700d0f316e043de8b3cf03ad64e086f0525 Mon Sep 17 00:00:00 2001 From: Rich Felker Date: Mon, 9 Sep 2013 13:39:08 -0400 Subject: do not use default when dynamic linker fails to open existing path file if fopen fails for a reason other than ENOENT, we must assume the intent is that the path file be used. failure may be due to misconfiguration or intentional resource-exhaustion attack (against suid programs), in which case falling back to loading libraries from an unintended path could be dangerous. --- src/ldso/dynlink.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/src/ldso/dynlink.c b/src/ldso/dynlink.c index 6d3d08ed..a89e7432 100644 --- a/src/ldso/dynlink.c +++ b/src/ldso/dynlink.c @@ -614,6 +614,8 @@ static struct dso *load_library(const char *name, struct dso *needed_by) sys_path = ""; } fclose(f); + } else if (errno != ENOENT) { + sys_path = ""; } } if (!sys_path) sys_path = "/lib:/usr/local/lib:/usr/lib"; -- cgit v1.2.1