Bugzilla Bug 103776

I got this when upgrading net-snmp:

QA Notice: the following files contain insecure RUNPATH's
 Please file a bug about this at http://bugs.gentoo.org/
 For more information on this issue, kindly review:
 http://bugs.gentoo.org/81745
/media/bay/portage/portage/net-snmp-5.2.1.2/work/net-snmp-5.2.1.2/perl/ASN/../../snmplib/.libs:/usr/lib
usr/lib/perl5/site_perl/5.8.7/i686-linux-thread-multi/auto/NetSNMP/ASN/ASN.so
/media/bay/portage/portage/net-snmp-5.2.1.2/work/net-snmp-5.2.1.2/perl/agent/default_store/../../../snmplib/.libs:/usr/lib
usr/lib/perl5/site_perl/5.8.7/i686-linux-thread-multi/auto/NetSNMP/agent/default_store/default_store.so
/media/bay/portage/portage/net-snmp-5.2.1.2/work/net-snmp-5.2.1.2/perl/agent/../../agent/.libs:/media/bay/portage/portage/net-snmp-5.2.1.2/work/net-snmp-5.2.1.2/perl/agent/../../agent/helpers/.libs:/media/bay/portage/portage/net-snmp-5.2.1.2/work/net-snmp-5.2.1.2/perl/agent/../../snmplib/.libs:/usr/lib
usr/lib/perl5/site_perl/5.8.7/i686-linux-thread-multi/auto/NetSNMP/agent/agent.so
/media/bay/portage/portage/net-snmp-5.2.1.2/work/net-snmp-5.2.1.2/perl/OID/../../snmplib/.libs:/usr/lib
usr/lib/perl5/site_perl/5.8.7/i686-linux-thread-multi/auto/NetSNMP/OID/OID.so
/media/bay/portage/portage/net-snmp-5.2.1.2/work/net-snmp-5.2.1.2/perl/default_store/../../snmplib/.libs:/usr/lib
usr/lib/perl5/site_perl/5.8.7/i686-linux-thread-multi/auto/NetSNMP/default_store/default_store.so
/media/bay/portage/portage/net-snmp-5.2.1.2/work/net-snmp-5.2.1.2/perl/SNMP/../../snmplib/.libs:/usr/lib
usr/lib/perl5/site_perl/5.8.7/i686-linux-thread-multi/auto/SNMP/SNMP.so

full log to be attached.

Created an attachment (id=66893) [edit]
log of emerge of net-snmp-5.2.1.2

incidently, the relevant use flags are:

[ebuild    U ] net-analyzer/net-snmp-5.2.1.2 [5.2.1-r1] +X -doc +elf* +ipv6
-lm_sensors -minimal +perl +rpm* (-selinux) +smux* +ssl +tcpd

netmon herd, something needs to be fixed here...

something like this should solve it

$ cvs diff
cvs diff: Diffing .
Index: net-snmp-5.2.1.2.ebuild
===================================================================
RCS file: /var/cvsroot/gentoo-x86/net-analyzer/net-snmp/net-snmp-5.2.1.2.ebuild,
v
retrieving revision 1.10
diff -u -w -r1.10 net-snmp-5.2.1.2.ebuild
--- net-snmp-5.2.1.2.ebuild     7 Aug 2005 09:12:46 -0000       1.10
+++ net-snmp-5.2.1.2.ebuild     2 Sep 2005 10:20:45 -0000
@@ -59,6 +59,9 @@
        # bugs 68467 and 68254
        sed -i -e 's;embed_perl="yes",;embed_perl=$enableval,;' configure.in \
                || die "sed configure.in failed"
+       # bug 103776
+       sed -i -e 's/\(@(cd perl ; $(MAKE)\)\() ; \\\)/\1 LD_RUN_PATH=\2/g' \
+               Makefile.in || die "sed Makefile.in failed"
        # fix access violation in make check
        sed -i 's/\(snmpd.*\)-Lf/\1-l/' testing/eval_tools.sh || \
                die "sed eval_tools.sh failed"
cvs diff: Diffing files

sedfu is now present for each ebuild in cvs.  Thanks Tavis.

This allows portage -> user-of-net-snmp privilege escalation.

ka0ttic: We'll need an ebuild revbump so that people with affected net-snmp
things get rebuilt.

(In reply to comment #6)
> This allows portage -> user-of-net-snmp privilege escalation.
> 
> ka0ttic: We'll need an ebuild revbump so that people with affected net-snmp
> things get rebuilt.

err forgot.  a -r1 is in cvs.

-r1 seems to be stable on all arches, ready for GLSA.

GLSA 200509-05

*** Bug 118245 has been marked as a duplicate of this bug. ***