Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 120366 - gnome-extra/gucharmap-1.4.4 has insecure RUNPATH's
Summary: gnome-extra/gucharmap-1.4.4 has insecure RUNPATH's
Status: RESOLVED FIXED
Alias: None
Product: Gentoo Security
Classification: Unclassified
Component: Runpath Issues (show other bugs)
Hardware: x86 Linux
: High normal (vote)
Assignee: Gentoo Linux Gnome Desktop Team
URL:
Whiteboard:
Keywords:
Depends on:
Blocks: 81745
  Show dependency tree
 
Reported: 2006-01-25 19:43 UTC by James Hood
Modified: 2006-12-26 15:28 UTC (History)
2 users (show)

See Also:
Package list:
Runtime testing required: ---


Attachments
Log of access violations (sandbox-gnome-extra_-_gucharmap-1.4.4-23893.log,918 bytes, text/plain)
2006-02-09 01:31 UTC, Abraham Marin Perez
Details

Note You need to log in before you can comment on or make changes to this bug.
Description James Hood 2006-01-25 19:43:16 UTC
QA Notice: the following files contain insecure RUNPATH's
 Please file a bug about this at http://bugs.gentoo.org/
 For more information on this issue, kindly review:
 http://bugs.gentoo.org/81745
/var/tmp/portage/gucharmap-1.4.4/image//usr/lib usr/bin/gucharmap


!!! ERROR: gnome-extra/gucharmap-1.4.4 failed.
!!! Function dyn_install, Line 1057, Exitcode 0
!!! Insecure binaries detected



emerge --info:
Portage 2.0.54 (default-linux/x86/2005.1, gcc-3.3.6, glibc-2.3.5-r2, 2.6.14-gentoo-r5 i686)
=================================================================
System uname: 2.6.14-gentoo-r5 i686 AMD Sempron(tm) Processor 3100+
Gentoo Base System version 1.6.14
dev-lang/python:     2.3.5-r2, 2.4.2
sys-apps/sandbox:    1.2.12
sys-devel/autoconf:  2.13, 2.59-r6
sys-devel/automake:  1.4_p6, 1.5, 1.6.3, 1.7.9-r1, 1.8.5-r3, 1.9.6-r1
sys-devel/binutils:  2.16.1
sys-devel/libtool:   1.5.22
virtual/os-headers:  2.6.11-r2
ACCEPT_KEYWORDS="x86"
AUTOCLEAN="yes"
CBUILD="i686-pc-linux-gnu"
CFLAGS="-O2 -march=i686 -pipe"
CHOST="i686-pc-linux-gnu"
CONFIG_PROTECT="/etc /usr/kde/2/share/config /usr/kde/3.4/env /usr/kde/3.4/share/config /usr/kde/3.4/shutdown /usr/kde/3/share/config /usr/lib/X11/xkb /usr/share/config /var/qmail/control"
CONFIG_PROTECT_MASK="/etc/gconf /etc/terminfo /etc/env.d"
CXXFLAGS="-O2 -march=i686 -pipe"
DISTDIR="/usr/portage/distfiles"
FEATURES="autoconfig distlocks sandbox sfperms strict"
GENTOO_MIRRORS="ftp://ftp.easynet.nl/mirror/gentoo/ http://ftp.easynet.nl/mirror/gentoo/  ftp://ftp.tu-clausthal.de/pub/linux/gentoo/ http://gentoo.osuosl.org/"
MAKEOPTS="-j2"
PKGDIR="/usr/portage/packages"
PORTAGE_TMPDIR="/var/tmp"
PORTDIR="/usr/portage"
SYNC="rsync://localbox[edit]/gentoo-portage"
USE="x86 X alsa apm arts audiofile avi berkdb bitmap-fonts bzip2 crypt cups eds emacs emboss encode esd exif expat fam firefox foomaticdb fortran gdbm gif glut gnome gpm gstreamer gtk gtk2 gtkhtml hal howl imlib ipv6 jpeg lcms libg++ libwww mad mikmod mng motif mp3 mpeg ncurses nls ogg oggvorbis opengl oss pam pdflib perl png python quicktime readline sdl spell ssl tcpd tiff truetype truetype-fonts type1-fonts udev usb vorbis xml2 xmms xv zlib userland_GNU kernel_linux elibc_glibc"
Unset:  ASFLAGS, CTARGET, LANG, LC_ALL, LDFLAGS, LINGUAS, PORTDIR_OVERLAY
Comment 1 Abraham Marin Perez 2006-02-09 01:30:31 UTC
Just trying to help with further tests and information I gave a go to the workaround in

http://forums.gentoo.org/viewtopic-p-3072660.html#3072660

That worked for me with other packages with RPATH problems, but no this time. I added the following piece of code:

src_install() {
    /usr/bin/chrpath -r /usr/lib /var/tmp/portage/gucharmap-1.4.4/image//usr/bin/gucharmap

    make DESTDIR=${D} install
}

as indicated on that post, but it caused some access violations (see attached file)

*******
emerge --info:

Portage 2.0.54 (default-linux/x86/2005.0, gcc-3.3.6, glibc-2.3.5-r2, 2.6.14-gentoo-r5 i686)
=================================================================
System uname: 2.6.14-gentoo-r5 i686 AMD Athlon(tm) XP 1700+
Gentoo Base System version 1.6.14
distcc 2.16 i686-pc-linux-gnu (protocols 1 and 2) (default port 3632) [disabled]
ccache version 2.3 [enabled]
dev-lang/python:     2.3.5-r2, 2.4.2
sys-apps/sandbox:    1.2.12
sys-devel/autoconf:  2.13, 2.59-r6
sys-devel/automake:  1.4_p6, 1.5, 1.6.3, 1.7.9-r1, 1.8.5-r3, 1.9.6-r1
sys-devel/binutils:  2.16.1
sys-devel/libtool:   1.5.22
virtual/os-headers:  2.6.8.1-r1, 2.6.11-r2
ACCEPT_KEYWORDS="x86"
AUTOCLEAN="yes"
CBUILD="i686-pc-linux-gnu"
CFLAGS="-O2 -pipe -march=athlon-xp -fomit-frame-pointer -fforce-addr -frerun-loop-opt -floop-optimize -frerun-cse-after-loop -falign-functions=4"
CHOST="i686-pc-linux-gnu"
CONFIG_PROTECT="/etc /usr/kde/2/share/config /usr/kde/3.3/env /usr/kde/3.3/share/config /usr/kde/3.3/shutdown /usr/kde/3.4/env /usr/kde/3.4/share/config /usr/kde/3.4/shutdown /usr/kde/3/share/config /usr/lib/X11/xkb /usr/lib/mozilla/defaults/pref /usr/share/config /usr/share/texmf/dvipdfm/config/ /usr/share/texmf/dvips/config/ /usr/share/texmf/tex/generic/config/ /usr/share/texmf/tex/platex/config/ /usr/share/texmf/xdvi/ /var/qmail/control"
CONFIG_PROTECT_MASK="/etc/gconf /etc/terminfo /etc/env.d"
CXXFLAGS="-O2 -pipe -march=athlon-xp -fomit-frame-pointer -fforce-addr -frerun-loop-opt -floop-optimize -frerun-cse-after-loop -falign-functions=4"
DISTDIR="/usr/portage/distfiles"
FEATURES="autoconfig ccache distlocks sandbox sfperms strict test"
GENTOO_MIRRORS="http://linuv.uv.es/mirror/gentoo/ http://ftp.caliu.info/pub/gentoo/ http://mirror.ovh.net/gentoo-distfiles/"
LANG="es_ES.UTF-8"
LC_ALL="es_ES.UTF-8"
LINGUAS="es en"
MAKEOPTS="-j2"
PKGDIR="/usr/portage/packages"
PORTAGE_TMPDIR="/var/tmp"
PORTDIR="/usr/portage"
PORTDIR_OVERLAY="/usr/local/portage"
SYNC="rsync://rsync.europe.gentoo.org/gentoo-portage"
USE="3dnow X acpi alsa apache2 audiofile avi bash-completion bidi bitmap-fonts browserplugin bzip2 bzlib canna cdr cjk crypt cups curl dga directfb divx4linux doc dvb dvd dvdr eds emboss encode esd ethereal evo exif expat fam fbcon ffmpeg fftw flac foomaticdb freewnn ftp gb gcj gd gdbm gif glut gmp gnome gpm gstreamer gtk gtk2 gtkhtml hal iconv idn imagemagick imlib iodbc java jikes jpeg kde lcms libg++ libwww mad memlimit mikmod mime mmx mng motif mozilla mp3 mpeg msn nas nls nptl odbc offensive ogg oggvorbis openal opengl pam pcre pdflib perl png pnp posix ppds quicktime readline samba sdl sharedmem simplexml spell ssl svg svga sysvipc szip tcltk tcpd tetex theora threads tiff truetype truetype-fonts type1-fonts udev unicode usb userlocales videos vorbis wmf x86 xml xmms xv xvid zlib video_cards_nvidia linguas_es linguas_en userland_GNU kernel_linux elibc_glibc"
Unset:  ASFLAGS, CTARGET, LDFLAGS
Comment 2 Abraham Marin Perez 2006-02-09 01:31:26 UTC
Created attachment 79307 [details]
Log of access violations
Comment 3 solar (RETIRED) gentoo-dev 2006-03-05 08:03:11 UTC
The next ~arch portage revision will auto repair evil rpaths and not bail. 
Maintainers should still fix the packages they maintain as portage will only die
with FEATURES=stricter (but that is a maintainer & QA problem) no longer security@

http://bugs.gentoo.org/show_bug.cgi?id=124962
Comment 4 Mart Raudsepp gentoo-dev 2006-09-17 16:18:56 UTC
Reassigning to gnome herd then.
Comment 5 Saleem Abdulrasool (RETIRED) gentoo-dev 2006-12-26 15:28:50 UTC
This version is no longer in portage, and the current gucharmap does not contain insecure RUNPATHs, marking this as FIXED.