[EMAIL PROTECTED] wrote:
> Modified: . CHANGES Configure
> crypto/dso dso_dl.c
> Log:
> shl_load() also needs to load along a path given through an
> environment variable, SHLIB_PATH. This change makes that possible.
Loading shared libs from SHLIB_PATH or LD_LIBRARY_PATH is a huge security
hole. No security conscious program uses them, and IMO that capability
should be explicitly disabled in OpenSSL and users should simply be required
to provide complete path names (starting with '/').
______________________________________________________________________
OpenSSL Project http://www.openssl.org
Development Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
