[Ecls-list] ECL build issues

Dr. David Kirkby david.kirkby at onetel.net
Mon Aug 3 23:06:17 UTC 2009

Waldek Hebisch wrote:

> Setting LD_LIBRARY_PATH used to be not necessary.  But some time
> ago ECL was modified at request of security folks.  Namely, to
> automatically find its shared library ECL used 'rpath' feature.
> This feature is considered dangerous by security folks -- using
> 'rpath' means that ECL will search for its library in a set
> of directories specified at build time.  If ECL binary is is later
> installed on other machine it may happen that an adversary has
> right to put files in one of places searched by ECL. Then using
> apropriatly prepared 'libecl.so.x.y' the adversary can hijack
> any ECL process.

To me, that security argument is just stupid. If I build ecl and make it 
search in my home directory for a library, that is my choice. I could 
put all sorts of nasty code in there. If an admin wants to use that 
code, he should either trust the person that built it, or build it himself.

In fact, using LD_PRELOAD you can make any code you want execute rather 
than the system one. I've has to use that myself when a system library 
is broken.

IMHO, LD_LIBRARY_PATH should be used as a last resort - not as a first 

More information about the ecl-devel mailing list