Summary: | net-p2p/sancho-bin problem with relative DT_RPATH '.:./lib' | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | Krzysztof Pawlik (RETIRED) <nelchael> |
Component: | Runpath Issues | Assignee: | Gentoo net-p2p team <net-p2p> |
Status: | RESOLVED FIXED | ||
Severity: | normal | ||
Priority: | High | ||
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
Whiteboard: | |||
Package list: | Runtime testing required: | --- | |
Bug Depends on: | |||
Bug Blocks: | 81745 |
Description
Krzysztof Pawlik (RETIRED)
2006-01-20 11:32:43 UTC
the sancho wrapper script cd's to /opt/bin before executing, so not possible to exploit this unless someone executes it directly. nevertheless, should be fixed. The next ~arch portage revision will auto repair evil rpaths and not bail. Maintainers should still fix the packages they maintain as portage will only die with FEATURES=stricter (but that is a maintainer & QA problem) no longer security@ http://bugs.gentoo.org/show_bug.cgi?id=124962 No longer a security issue with current stable portage, re-assigning to maintainer. As it's a not a security issue anymore |