[GE users] Library compatibility on OSX

Andy Schwierskott andy.schwierskott at sun.com
Mon Aug 30 14:24:29 BST 2004


    [ The following text is in the "ISO-8859-1" character set. ]
    [ Your display is set for the "ISO-8859-10" character set.  ]
    [ Some special characters may be displayed incorrectly. ]

Hi,

I understand the inherent conflict wiht the openssl library.

I think the following could be a backward compatible RFE 
on all architecture where we use the dlopen() call for opening shared libaries
(we don't do it on all archs and we don't do it (yet) for all shared
libaries, e.g. libXltree and libspoolc are linked with qmon and
doesn't use dlopen()):

Description:
------------

Grid Engine commands will try to open all libraries which are loaded with
dlopen() with the absolute path $SGE_ROOT/lib/<arch>. If this doesn't work
the libary is tried to be lioaded without an absolute pathname (fallback
behavior).

I think this doesn't open a security whole: As with LD_LIBRARY_PATH a user
could load any "faked" ssl library, a user could load any ssl libaray by
setting $SGE_ROOT to his private directory (it's anyhow interesting that
LD_LIBRARY_PATH can be set to any directory where I can have my own versions
of shared libraries which is loaded unconditionally by the library).

For 6.1 this scheme should be generalized and the bootstrap file should get a
new setting "library_path".

RFC's? Ideas? Any comments about security aspects?

Andy

> Agreed...
>
> We should use $SGE_ROOT, $SGE_CELL, and the "arch name" to locate the
> libraries shipped with SGE. DYLD_LIBRARY_PATH (or LD_LIBRARY_PATH) is not a
> clean solution.
>
> Rayson
>
>> The only reliable solution I see, is to use dlopen() together with
>> a pathname and stop relying on environment variables like
>> DYLD_LIBRARY_PATH.


    [ Part 2: "Attached Text" ]

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe at gridengine.sunsource.net
For additional commands, e-mail: users-help at gridengine.sunsource.net



More information about the gridengine-users mailing list