Valdis.Kletnieksat_private wrote: > On Wed, 30 Apr 2003 13:39:49 +1000, Damien Miller <djmat_private> said: > >>1. Systems affected: >> >> Users of Portable OpenSSH prior to 3.6.1p2 on AIX are affected >> if OpenSSH was compiled using a non-AIX compiler (e.g. gcc). > > > This is the same problem as I spotted in Sendmail 8.10. Basically, > somewhere, linking is being done with "-L. -lfoo" or similar (in sendmail's > case, it was -L../otherdir type stuff). > > Workaround/fix: Link with "-bnolibpath -blibpath:/usr/local/lib:/usr/lib" > or similar. This is what we have done for a long time, but those options only work when using xlc as the linker, with gcc you need to specify different options. 3.6.1p2 specifies these options correctly, but it illustrates the deeper problem: the default is insecure and you need to add workarounds for each additional interface to the linker. I wouldn't be suprised if this affected binaries built with libtool or other wrappers, though I haven't checked (we don't use them). -d
This archive was generated by hypermail 2b30 : Thu May 01 2003 - 14:04:55 PDT