Results 1 to 10 of 10

Thread: Shared lib template broken under linux ???

Hybrid View

Previous Post Previous Post   Next Post Next Post
  1. #1
    Join Date
    Jan 2006
    Location
    travelling
    Posts
    1,116
    Qt products
    Qt4
    Platforms
    Unix/X11 Windows
    Thanks
    8
    Thanked 127 Times in 121 Posts

    Default Re: Shared lib template broken under linux ???

    Maybe only crap OSes need import lib but then only crap OSes forget to look in the current dir to find shared libs!!!
    Is there a way to do that programmatically because I don't wanna force each user of my app to do that stupid trick on its own... I think there some QApplication static functions that deals with library paths but will they work from the application itself or will loading fail before the static function is called???
    Current Qt projects : QCodeEdit, RotiDeCode

  2. #2
    Join Date
    Jan 2006
    Posts
    24
    Qt products
    Qt3 Qt4
    Platforms
    Unix/X11
    Thanks
    2
    Thanked 2 Times in 2 Posts

    Default Re: Shared lib template broken under linux ???

    Quote Originally Posted by fullmetalcoder
    Maybe only crap OSes need import lib but then only crap OSes forget to look in the current dir to find shared libs!!!
    Is there a way to do that programmatically because I don't wanna force each user of my app to do that stupid trick on its own... I think there some QApplication static functions that deals with library paths but will they work from the application itself or will loading fail before the static function is called???
    Predefined library path avoid security problems, for launch application write a simple script:

    Qt Code:
    1. #!/bin/bash
    2. export DEVQT_HOME=/path/to/data/files/
    3. export LD_LIBRARY_PATH=${DEVQT_HOME}/lib
    4.  
    5. #and launch app
    6. ${DEVQT_HOME}/bin/devqt
    To copy to clipboard, switch view to plain text mode 

    in MacOsX LD_LIBRARY_PATH is DYLD_LIBRARY_PATH

  3. #3
    Join Date
    Jan 2006
    Location
    Warsaw, Poland
    Posts
    33,376
    Qt products
    Qt3 Qt4 Qt5 Qt/Embedded
    Platforms
    Unix/X11 Windows Android Maemo/MeeGo
    Thanks
    4
    Thanked 5,019 Times in 4,795 Posts
    Wiki edits
    10

    Default Re: Shared lib template broken under linux ???

    Quote Originally Posted by fullmetalcoder
    Maybe only crap OSes need import lib but then only crap OSes forget to look in the current dir to find shared libs!!!
    If the loader was looking in the current dir for libraries, it would be trivial to poison any application by using a "modified" version of a library it uses. There are even viri/rootkits for Linux that use this and ld_preload mechanism to infect the system. If a user wants to alter the library path, it has to be her/his own decision.

  4. #4
    Join Date
    Jan 2006
    Posts
    109
    Qt products
    Qt3 Qt4
    Platforms
    Unix/X11
    Thanks
    2
    Thanked 5 Times in 5 Posts

    Default Re: Shared lib template broken under linux ???

    Quote Originally Posted by wysota
    If the loader was looking in the current dir for libraries, it would be trivial to poison any application by using a "modified" version of a library it uses.
    Actually isn't this a misundesrtanding? As far as I know, on Windows the loader looks for DLLs in the application directory, not the current directory. This looks like a good idea and I don't think there are related security issues.

  5. #5
    Join Date
    Jan 2006
    Location
    Warsaw, Poland
    Posts
    33,376
    Qt products
    Qt3 Qt4 Qt5 Qt/Embedded
    Platforms
    Unix/X11 Windows Android Maemo/MeeGo
    Thanks
    4
    Thanked 5,019 Times in 4,795 Posts
    Wiki edits
    10

    Default Re: Shared lib template broken under linux ???

    What if you make a link to the application and somehow force the directory containing the link to be in the path before the directory containing the proper binary (without a poisoned lib in the same directory) or even execute the link yourself on purpose? Making a hard link (I don't know what about a symbolic one) will surely change the "application directory" which opens the security hole again.

  6. #6
    Join Date
    Jan 2006
    Posts
    109
    Qt products
    Qt3 Qt4
    Platforms
    Unix/X11
    Thanks
    2
    Thanked 5 Times in 5 Posts

    Default Re: Shared lib template broken under linux ???

    Quote Originally Posted by wysota
    What if you make a link to the application and somehow force the directory containing the link to be in the path before the directory containing the proper binary (without a poisoned lib in the same directory) or even execute the link yourself on purpose? Making a hard link (I don't know what about a symbolic one) will surely change the "application directory" which opens the security hole again.
    This cannot happen on Windows, can it?

  7. #7
    Join Date
    Jan 2006
    Posts
    24
    Qt products
    Qt3 Qt4
    Platforms
    Unix/X11
    Thanks
    2
    Thanked 2 Times in 2 Posts

    Default Re: Shared lib template broken under linux ???

    Quote Originally Posted by dimitri
    Actually isn't this a misundesrtanding? As far as I know, on Windows the loader looks for DLLs in the application directory, not the current directory. This looks like a good idea and I don't think there are related security issues.
    Windows? ...

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  
Qt is a trademark of The Qt Company.