Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Potential arbitrary code execution via dlopen #365

Closed
szsam opened this issue Nov 15, 2023 · 1 comment
Closed

Potential arbitrary code execution via dlopen #365

szsam opened this issue Nov 15, 2023 · 1 comment

Comments

@szsam
Copy link
Contributor

szsam commented Nov 15, 2023

The value of the first argument of dlopen() may come from getenv. Using externally controlled strings in a process operation can allow an attacker to execute malicious commands.

alsa-lib/src/dlmisc.c

Line 155 in ed6b070

handle = dlopen(filename, mode);

alsa-lib/src/pcm/pcm_ladspa.c

Line 1094 in ed6b070

handle = dlopen(filename, RTLD_LAZY);

@perexg
Copy link
Member

perexg commented Dec 8, 2023

This is nothing we can do about it. If you don't like this behaviour, remove the code or mangle getenv function calls. Actually, every dynamic linked application may use LD_PRELOAD dynamic variable, so the security is not a question for this.

@szsam szsam closed this as completed Dec 12, 2023
@szsam szsam closed this as not planned Won't fix, can't repro, duplicate, stale Dec 12, 2023
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@perexg @szsam