gcc/tests/Regression/537941-libltdl-may-load-library-in-current-directory/main.fmf

40 lines
1.1 KiB
Plaintext
Raw Permalink Normal View History

2022-07-29 14:27:49 +00:00
summary: 'CVE-2009-3736 libtool: libltdl may load and execute code from a library
in the current directory'
description: |
cat > ~/foo.java <\EOF public class foo { public static void main(String[] args) { System.loadLibrary("foolib"); } } EOF
cd
gcj -C foo.java
cd /tmp
strace -f -v -s1024 gij -cp ~/ foo 2>&1 | grep foolib
(resp. s/gcj/gcj4/g;s/gij/gij4/ for gcc4 testing).
If any relative path is seen, it is wrong. Bad examples are
{lib,}foolib.la
{hwcap,0,nosegneg}/{lib,}foolib.{so,la}
contact: mcermak@redhat.com
component:
- gcc
test: ./runtest.sh
framework: beakerlib
require:
- gcc
- gcc-java
- libgcj
- strace
duration: 5m
enabled: false
tag:
- CI-Tier-1
- Tier1
tier: '1'
link:
- relates: https://bugzilla.redhat.com/show_bug.cgi?id=537941
adjust:
- enabled: true
when: distro == rhel-6 or distro == rhel-5
extra-nitrate: TC#0062145
extra-summary: /tools/gcc/Regression/gcj/537941-libltdl-may-load-library-in-current-directory
extra-task: /tools/gcc/Regression/gcj/537941-libltdl-may-load-library-in-current-directory