HPE Community
Operating System - HP-UX
1753465 Members
4761 Online
108794 Solutions
New Discussion юеВ

Re: +nodefaultrpath not working on HPUX

 
SOLVED
Go to solution
Suprateeka R Hegde
Advisor

тАО02-12-2010 03:35 AM

тАО02-12-2010 03:35 AM

Re: +nodefaultrpath not working on HPUX

in your case setting SHLIB_PATH to the correct directory where libjava.sl/libjvm.sl is available should solve the problem. i see that you have used +s already on the link line. so SHLIB_PATH would be honoured by the dynamic loader.

and as dennis is guessing, if it is a setuid app, then read dld.sl(5). it tells about using /etc/dld/sl.conf file to set library search paths.
Reply
bivian
Advisor

тАО02-12-2010 04:10 AM

тАО02-12-2010 04:10 AM

Re: +nodefaultrpath not working on HPUX

Yes it is not able to find the following libraries:
dynamic /home/prash/jdk14/jre/lib/PA_RISC2.0/libjava.sl
dynamic /home/prash/oracle/jdk14/jre/lib/PA_RISC2.0/hotspot/libjvm.sl

Ok. I will try setting SHLIB_PATH properly.

Do you know why LD_LIBRARY_PATH is not considered? Is it not used on all HPUX platforms?
0 Kudos
Reply
bivian
Advisor

тАО02-12-2010 04:46 AM

тАО02-12-2010 04:46 AM

Re: +nodefaultrpath not working on HPUX

Continuing from the above reply..
So the final solution you propose is to set SHLIB_PATH and also remove the library paths using +cdp option. Is that right?
0 Kudos
Reply
Suprateeka R Hegde
Advisor

тАО02-12-2010 05:48 AM

тАО02-12-2010 05:48 AM

Re: +nodefaultrpath not working on HPUX

LD_LIBRARY_PATH is honoured in 64 bit PA and on 32 and 64 bit IPF. the ELF linker and loader honours LD_LIBRARY_PATH since it conforms to SVR4 standards. PA32, does not use LD_LIBRARY_PATH

using +cdp to remove the path is not recommended. because you have to add SHLIB_PATH that time. the right way is to use +cdp to provide the actual path where libjava.sl and libjvm.sl can be found. in that way, you dont have to specify SHLIB_PATH. the other usage is to use +b to specify all possible directories that might contain these libraries.

but if the situation is such that the directory path is not known at all, then SHLIB_PATH is the way to go. and you dont have to use +cdp to change the path. even if a different path is recorded, the dynamic loader seraches the SHLIB_PATH using the basename of the library seen the shared library list of chatr(1) output
Reply
bivian
Advisor

тАО02-12-2010 10:08 AM

тАО02-12-2010 10:08 AM

Re: +nodefaultrpath not working on HPUX

Okay. I understand the use of +cdp, +b( embedded path) and SHLIB_PATH now. It seems that loader will get the library paths in that order.

Consider a situation where i create the shared object on one machine. While creating i use +cdp/+b option(s). And then i use this shared object without relinking on some other machine.

In this case, the shared library list of the object will have libraries with paths pointing to non-existent locations. Also the embedded paths will point to invalid directories.
This is a security problem because a malicious user can create the non-existent directories and load an evil library.

To avoid this i would like to depend on SHLIB_PATH and then use the +cdp option to remove the non-existent paths. Also, i would avoid +b option.

What is your opinion about this?

0 Kudos
Reply
Dennis Handly
Acclaimed Contributor

тАО02-12-2010 12:55 PM

тАО02-12-2010 12:55 PM

Re: +nodefaultrpath not working on HPUX

>Also the embedded paths will point to invalid directories. This is a security problem because a malicious user can create the non-existent directories and load an evil library.

If the malicious user can create the directories then he can remove what's there, if it existed. If you are installing your product, you should have your shlibs as part of the installation and protected from removal/changing.

>To avoid this I would like to depend on SHLIB_PATH and then use the +cdp option to remove the non-existent paths. What is your opinion about this?

Yes, I suggested that in my first reply.
The new problem is how to prevent the user from using his own SHLIB_PATH.
0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.