summaryrefslogtreecommitdiff
path: root/src
diff options
context:
space:
mode:
authorJiwoong Im <jiwoong.im@samsung.com>2017-04-28 13:51:24 +0900
committerJiwoong Im <jiwoong.im@samsung.com>2017-04-28 04:52:32 +0000
commitc1383a9d34d47837503a61ba5affda841156c4eb (patch)
tree579805c55f7a9b4d7ec1062b12f7efaf161ae318 /src
parentb56e38982040fdf884db7c19f7d3bd490d8ec118 (diff)
downloadui-gadget-1-c1383a9d34d47837503a61ba5affda841156c4eb.tar.gz
ui-gadget-1-c1383a9d34d47837503a61ba5affda841156c4eb.tar.bz2
ui-gadget-1-c1383a9d34d47837503a61ba5affda841156c4eb.zip
Loading library with absolute path
- Loading libraries without specifying an absolute path could allow an attacker to load a malicious library by changing $LD_* or other aspects of the program's execution environment. Change-Id: Ic51469d1ffab14008e8ef550ae604ee7f3138994 Signed-off-by: Jiwoong Im <jiwoong.im@samsung.com>
Diffstat (limited to 'src')
-rw-r--r--src/engine.c2
1 files changed, 1 insertions, 1 deletions
diff --git a/src/engine.c b/src/engine.c
index bf9e32a..a208ceb 100644
--- a/src/engine.c
+++ b/src/engine.c
@@ -51,7 +51,7 @@ struct ug_engine *ug_engine_load()
return NULL;
}
- handle = dlopen("libui-gadget-1-efl-engine.so", RTLD_LAZY);
+ handle = dlopen(UG_LIB_DIR"/libui-gadget-1-efl-engine.so", RTLD_LAZY);
if (!handle) {
_ERR("dlopen failed: %s", dlerror());
goto engine_free;