40 lines
1.1 KiB
Plaintext
40 lines
1.1 KiB
Plaintext
summary: 'CVE-2009-3736 libtool: libltdl may load and execute code from a library
|
|
in the current directory'
|
|
description: |
|
|
cat > ~/foo.java <\EOF public class foo { public static void main(String[] args) { System.loadLibrary("foolib"); } } EOF
|
|
cd
|
|
gcj -C foo.java
|
|
cd /tmp
|
|
strace -f -v -s1024 gij -cp ~/ foo 2>&1 | grep foolib
|
|
|
|
(resp. s/gcj/gcj4/g;s/gij/gij4/ for gcc4 testing).
|
|
|
|
If any relative path is seen, it is wrong. Bad examples are
|
|
|
|
{lib,}foolib.la
|
|
{hwcap,0,nosegneg}/{lib,}foolib.{so,la}
|
|
contact: mcermak@redhat.com
|
|
component:
|
|
- gcc
|
|
test: ./runtest.sh
|
|
framework: beakerlib
|
|
require:
|
|
- gcc
|
|
- gcc-java
|
|
- libgcj
|
|
- strace
|
|
duration: 5m
|
|
enabled: false
|
|
tag:
|
|
- CI-Tier-1
|
|
- Tier1
|
|
tier: '1'
|
|
link:
|
|
- relates: https://bugzilla.redhat.com/show_bug.cgi?id=537941
|
|
adjust:
|
|
- enabled: true
|
|
when: distro == rhel-6 or distro == rhel-5
|
|
extra-nitrate: TC#0062145
|
|
extra-summary: /tools/gcc/Regression/gcj/537941-libltdl-may-load-library-in-current-directory
|
|
extra-task: /tools/gcc/Regression/gcj/537941-libltdl-may-load-library-in-current-directory
|