Patch-ID# 100257-06 Keywords: libxpm.so, libxp.so, finds, security recognize, library, ld.so, ldd Synopsis: SunOS 4.1.3c,4.1.3: ldd and ld.so incorrectly finds libXp.so Date: Oct/13/94 Solaris Release: 1.1 SunOS Release: 4.1.3, 4.1.3c Unbundled Product: Unbundled Release: BugId's fixed with this patch: 1158146 1033086 1043300 1046379 1052428 1045194 1032208 1032209 1043082 1069404 1070559 1083431 1071781 Changes incorporated in this version: Revalent Architectures: sparc Patches which may conflict with this patch: Patches accumulated and obsoleted by this patch: Obsoleted by: Files included with this patch: README {4.1.3,4.1.3c}/sun4 ld.so ldconfig ldd Problem Description: 1158146 ldd and ld.so are including the wrong libraries if the libraries are similarly named and in the same directory. ld.so 1.66 contains fixes for these bugs: 1033086: Calling dlopen() on a file with BSS kills your application. 1043300: dlclose prevents access to functions even after further dlopen 1046379: cannot call a function in a [.so] from a function in another 1052428: ld.so usage of -L options confusing, leads to security probs 1045194: dlsym returns bad address for uninitialized global variable 1069404: bad handle errors with dlopen(NULL...) 1070559: SPARC ld.so's are not architecture independent 1076903: cascaded dependency checking too restrictive 1083431: dlsym() can fail to find all symbols 1071781: fix "relocate()" to deal with "interpreted" symbols properly. ldd 1.6 contains fixes for these bugs: 1032208: ldd doesn't write file names if standard output is not a tty 1032209: ldd runs out of file descriptors ldconfig 1.10 contains fixes for this bug: 1043082: Bogus first arg to 'ldconfig' kills dynamic linking For brevity, and because this patch relates exclusively to ld and its support programs, this patch contains fixes to 3 ld "parts"; ld.so (the dynamic linker), ldd (dynamic dependencies lister), and ldconfig (dynamic path cache tool). Unpacking this one patch will provide binary executables for ld.so, ldd, and ldconfig. The result will be a hierarchy that contains only SPARC versions of the referenced programs. The installation instructions below will address, seperately, the install sequence for each of the 3 patches. Install Instructions: For SunOS 4.1.3 and SunOS 4.1.3c -------------------------- Become root before performing the following steps. These steps assume the patch has been copied to the /tmp directory. 1. shutdown system to single user mode 2. Save the original copy of ldconfig: mv /usr/etc/ldconfig /usr/etc/ldconfig.FCS 3. Copy the new ldconfig executible to the /usr/etc directory: cp /tmp/{4.1.3,4.1.3c}/sun4/ldconfig /usr/etc/ldconfig 4. Set file ownership and permissions on ldconfig as follows: chmod 755 /usr/etc/ldconfig chown root.staff /usr/etc/ldconfig 5. Copy the new ld.so file to the /usr/lib directory. cp /tmp/{4.1.3,4.1.3c}/sun4/ld.so /usr/lib/ld.so+ 6. mv /usr/lib/ld.so /usr/lib/ld.so.FCS; mv /usr/lib/ld.so+ /usr/lib/ld.so 7. immediately test with date if date dumps core, back out with mv /usr/lib/ld.so /usr/lib/ld.so+; mv /usr/lib/ld.so.FCS /usr/lib/ld.so 8. Set file ownership and permissions on ld.so as follows: chmod 555 /usr/lib/ld.so chown root.staff /usr/lib/ld.so 9. Save the original copy of ldd: mv /bin/ldd /bin/ldd.FCS 10. Copy the new ldd file to /bin: cp /tmp/{4.1.3, 4.1.3c}/sun4/ldd /bin/ldd chmod 755 /bin/ldd NEVER "cp" or otherwise copy over an installed ld.so.