summary: 'CVE-2009-3736 libtool: libltdl may load and execute code from a library
    in the current directory'
description: |
    cat > ~/foo.java <\EOF public class foo { public static void main(String[] args) { System.loadLibrary("foolib"); } } EOF 
    cd 
    gcj -C foo.java 
    cd /tmp 
    strace -f -v -s1024 gij -cp ~/ foo 2>&1 | grep foolib 

    (resp. s/gcj/gcj4/g;s/gij/gij4/ for gcc4 testing). 

    If any relative path is seen, it is wrong. Bad examples are 

    {lib,}foolib.la 
    {hwcap,0,nosegneg}/{lib,}foolib.{so,la}
contact: mcermak@redhat.com
component:
  - gcc
test: ./runtest.sh
framework: beakerlib
require:
  - gcc
  - gcc-java
  - libgcj
  - strace
duration: 5m
enabled: false
tag:
  - CI-Tier-1
  - Tier1
tier: '1'
link:
  - relates: https://bugzilla.redhat.com/show_bug.cgi?id=537941
adjust:
  - enabled: true
    when: distro == rhel-6 or distro == rhel-5
extra-nitrate: TC#0062145
extra-summary: /tools/gcc/Regression/gcj/537941-libltdl-may-load-library-in-current-directory
extra-task: /tools/gcc/Regression/gcj/537941-libltdl-may-load-library-in-current-directory