Patch-ID# 100257-06
Keywords: libxpm.so, libxp.so, finds, security recognize, library, ld.so, ldd
Synopsis: SunOS 4.1.3c,4.1.3: ldd and ld.so incorrectly finds libXp.so
Date: Oct/13/94

Solaris Release: 1.1

SunOS Release: 4.1.3, 4.1.3c

Unbundled Product: 

Unbundled Release: 

BugId's fixed with this patch: 1158146 1033086 1043300 1046379 1052428 1045194 1032208 1032209 1043082 1069404 1070559 1083431 1071781

Changes incorporated in this version: 

Architectures for which this patch is available: sparc

Patches which may conflict with this patch: 

Other patches this accumulates and obsoletes: 

Obsoleted by: 

Files included with this patch:

        README

	{4.1.3,4.1.3c}/sun4
	              ld.so
	              ldconfig
	              ldd

Problem Description: 

        1158146 ldd and ld.so are including the wrong libraries if the libraries
        are similarly named and in the same directory.

        ld.so 1.66 contains fixes for these bugs:
          1033086: Calling dlopen() on a file with BSS kills your application.
          1043300: dlclose prevents access to functions even after further dlopen
          1046379: cannot call a function in a [.so] from a function in another
          1052428: ld.so usage of -L options confusing, leads to security probs
          1045194: dlsym returns bad address for uninitialized global variable
          1069404: bad handle errors with dlopen(NULL...)
          1070559: SPARC ld.so's are not architecture independent
          1076903: cascaded dependency checking too restrictive
          1083431: dlsym() can fail to find all symbols
          1071781: fix "relocate()" to deal with "interpreted" symbols properly.
 
        ldd 1.6 contains fixes for these bugs:
          1032208: ldd doesn't write file names if standard output is not a tty
          1032209: ldd runs out of file descriptors
 
        ldconfig 1.10 contains fixes for this bug:
          1043082: Bogus first arg to 'ldconfig' kills dynamic linking
 
        For brevity, and because this patch relates exclusively to ld
        and its support programs, this patch contains fixes to 3 ld
        "parts"; ld.so (the dynamic linker), ldd (dynamic dependencies
        lister), and ldconfig (dynamic path cache tool).

        Unpacking this one patch will provide binary executables for
        ld.so, ldd, and ldconfig.  The result will be a hierarchy that
        contains only SPARC versions of the referenced programs.
 
        The installation instructions below will address, seperately,
        the install sequence for each of the 3 patches.

Install Instructions: 

For SunOS 4.1.3 and SunOS 4.1.3c
--------------------------

Become root before performing the following steps.  These steps assume the patch
has been copied to the /tmp directory. 

1. shutdown system to single user mode

2. Save the original copy of ldconfig:

      mv /usr/etc/ldconfig /usr/etc/ldconfig.FCS

3. Copy the new ldconfig executible to the /usr/etc directory:
    
      cp /tmp/{4.1.3,4.1.3c}/sun4/ldconfig /usr/etc/ldconfig

4. Set file ownership and permissions on ldconfig as follows:

      chmod 755 /usr/etc/ldconfig
      chown root.staff /usr/etc/ldconfig

5. Copy the new ld.so file to the /usr/lib directory.

      cp /tmp/{4.1.3,4.1.3c}/sun4/ld.so /usr/lib/ld.so+

6. mv /usr/lib/ld.so /usr/lib/ld.so.FCS; mv /usr/lib/ld.so+ /usr/lib/ld.so

7. immediately test with

        date
 
   if date dumps core, back out with
 
   mv /usr/lib/ld.so /usr/lib/ld.so+; mv /usr/lib/ld.so.FCS /usr/lib/ld.so
 
8. Set file ownership and permissions on ld.so as follows:

      chmod 555 /usr/lib/ld.so
      chown root.staff /usr/lib/ld.so

9. Save the original copy of ldd:
 
        mv /bin/ldd /bin/ldd.FCS

10. Copy the new ldd file to /bin:

        cp /tmp/{4.1.3, 4.1.3c}/sun4/ldd /bin/ldd
        chmod 755 /bin/ldd

NEVER "cp" or otherwise copy over an installed ld.so.
