diff options
author | Jiwoong Im <jiwoong.im@samsung.com> | 2017-04-28 13:51:24 +0900 |
---|---|---|
committer | Jiwoong Im <jiwoong.im@samsung.com> | 2017-04-28 04:52:32 +0000 |
commit | c1383a9d34d47837503a61ba5affda841156c4eb (patch) | |
tree | 579805c55f7a9b4d7ec1062b12f7efaf161ae318 /src | |
parent | b56e38982040fdf884db7c19f7d3bd490d8ec118 (diff) | |
download | ui-gadget-1-c1383a9d34d47837503a61ba5affda841156c4eb.tar.gz ui-gadget-1-c1383a9d34d47837503a61ba5affda841156c4eb.tar.bz2 ui-gadget-1-c1383a9d34d47837503a61ba5affda841156c4eb.zip |
Loading library with absolute path
- Loading libraries without specifying an absolute path could allow an
attacker to load a malicious library by changing $LD_* or other aspects
of the program's execution environment.
Change-Id: Ic51469d1ffab14008e8ef550ae604ee7f3138994
Signed-off-by: Jiwoong Im <jiwoong.im@samsung.com>
Diffstat (limited to 'src')
-rw-r--r-- | src/engine.c | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/src/engine.c b/src/engine.c index bf9e32a..a208ceb 100644 --- a/src/engine.c +++ b/src/engine.c @@ -51,7 +51,7 @@ struct ug_engine *ug_engine_load() return NULL; } - handle = dlopen("libui-gadget-1-efl-engine.so", RTLD_LAZY); + handle = dlopen(UG_LIB_DIR"/libui-gadget-1-efl-engine.so", RTLD_LAZY); if (!handle) { _ERR("dlopen failed: %s", dlerror()); goto engine_free; |