Loading library with absolute pathsubmit/tizen_3.0/20170609.051056accepted/tizen/3.0/wearable/20170612.050032accepted/tizen/3.0/mobile/20170612.050019accepted/tizen/3.0/ivi/20170612.050038accepted/tizen/3.0/common/20170612.121630tizen_3.0accepted/tizen_3.0_wearableaccepted/tizen_3.0_mobileaccepted/tizen_3.0_iviaccepted/tizen_3.0_common

- Loading libraries without specifying an absolute path could allow an
  attacker to load a malicious library by changing $LD_* or other aspects
  of the program's execution environment.

Change-Id: Ic51469d1ffab14008e8ef550ae604ee7f3138994
Signed-off-by: Jiwoong Im <jiwoong.im@samsung.com>
(cherry picked from commit c1383a9d34d47837503a61ba5affda841156c4eb)

2 files changed, 2 insertions, 1 deletions

diff --git a/CMakeLists.txt b/CMakeLists.txt
index 25ca50f..ff9a865 100644
--- a/CMakeLists.txt
+++ b/CMakeLists.txt
@@ -17,6 +17,7 @@ INCLUDE_DIRECTORIES(${CMAKE_CURRENT_SOURCE_DIR}/include)
 ADD_DEFINITIONS("-DPREFIX=\"${CMAKE_INSTALL_PREFIX}\"")
 ADD_DEFINITIONS("-DDATAFS=\"${DATADIR}\"")
 ADD_DEFINITIONS("-DENABLE_UG_CREATE_CB")
+ADD_DEFINITIONS("-DUG_LIB_DIR=\"${LIB_INSTALL_DIR}\"")
 SET(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} -fvisibility=hidden -Wall")
 
 INCLUDE(FindPkgConfig)
diff --git a/src/engine.c b/src/engine.c
index bf9e32a..a208ceb 100644
--- a/src/engine.c
+++ b/src/engine.c
@@ -51,7 +51,7 @@ struct ug_engine *ug_engine_load()
 		return NULL;
 	}
 
-	handle = dlopen("libui-gadget-1-efl-engine.so", RTLD_LAZY);
+	handle = dlopen(UG_LIB_DIR"/libui-gadget-1-efl-engine.so", RTLD_LAZY);
 	if (!handle) {
 		_ERR("dlopen failed: %s", dlerror());
 		goto engine_free;