Subject: Re: changing library load order
To: Malcolm Herbert <mjch@mjch.net>
From: Bang Jun-Young <junyoung@mogua.com>
List: netbsd-users
Date: 09/19/2002 02:42:16
On Wed, Sep 18, 2002 at 05:32:07PM +1000, Malcolm Herbert wrote:
> Is there a way to change the library load order _without_ using
> LD_PRELOAD? I'm after something a little more universal than whether
> the environment has a particular variable in it ... and I don't want to
> modify LD_PRELOAD for each and every new library I happen to build ...
>
> I came across this issue due to the Apache+SSL+Linux worm going around
> at the moment ...
>
> basically I've made sure that my libssl.so is up-to-date from the
> pkgsrc tree to appease my local Security Officer, however he kept on
> bugging me about it until we both worked out that apache is loading
> /usr/lib/libssl.so (which is at 0.9.5a on my 1.5.2 system) and not my
> newly up-to-date one in /usr/pkg/lib/libssl.so ...
>
> I'm not too fussed about the worm, but it does strike me as a good
> idea that I make sure ld.so (or ld.elf_so) is loading libraries in
> /usr/pkg/lib in preference to the (potentially old and insecure)
> libraries in /usr/lib
>
> How do I go about this? man ld.so.conf seems to indicate that I can just
> add appropriate paths to /etc/ld.so.conf, but that doesn't seem to have
> done anything ...
Probably this will help:
$ LD_LIBRARY_PATH=/usr/lib:/usr/pkg/lib httpd
Refer to ld.elf_so(1) for more details.
Jun-Young
--
Bang Jun-Young <junyoung@mogua.com>