Bugs are being filed left and right for rpath security problems but our teams seem to be understaffed and the problems are not being addressed quickly enough. This bug will serve to track a behavior change in how we deal with those rpaths. When FEATURES=stricter is not set and we encounter an insecure runpath we remove it from the offending ELF vs calling an exit. A QA warning should still be emitted. When FEATURES=stricter is set we will continue to bail.
Created attachment 81302: ebuild-rpath.diff. I'm thinking something like this patch.
IMHO the QA warning shall be changed so that it doesn't reference bug 81745 but asks to file a bug against the package instead.
Created attachment 81344: ebuild-rpath.diff. Updated version.
Created attachment 81402: ebuild-rpath.diff. This version picks up the /var/tmp cases also. (tested on pike)
s/{PORTAGE_BUILDDIR}/${PORTAGE_BUILDDIR}/ This will require the DEPEND in the next portage to be >=pax-utils-0.1.10
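Added example, not part of the bug thread or the attached ebuild-rpath.diff: a shell sketch of the policy described in this bug, where an insecure RUNPATH is stripped with a QA warning unless FEATURES contains stricter, in which case the check fails. The function names, the sample paths and the choice of what counts as insecure (empty entries, which the loader resolves against the current directory, plus entries under the build directory or /var/tmp) are assumptions of this sketch; it only computes the cleaned value and does not rewrite the ELF.

```shell
#!/bin/sh
# Illustration only; sanitize_rpath and check_rpath are hypothetical names,
# not Portage functions.

# sanitize_rpath RPATH BUILDDIR
# Prints RPATH with insecure entries removed.
sanitize_rpath() {
    rest="$1:" builddir=$2 out=
    # An empty BUILDDIR would make the "$builddir"/* pattern match every
    # absolute path, so fall back to a prefix that is already covered.
    [ -n "$builddir" ] || builddir=/var/tmp
    while [ -n "$rest" ]; do
        entry=${rest%%:*}      # text before the first ':'
        rest=${rest#*:}        # text after the first ':'
        case $entry in
            '') continue ;;                                   # empty entry = cwd
            "$builddir"|"$builddir"/*) continue ;;            # build directory
            /var/tmp|/var/tmp/*) continue ;;                  # world-writable tmp
        esac
        out=${out:+$out:}$entry
    done
    printf '%s\n' "$out"
}

# check_rpath FILE RPATH BUILDDIR
# Secure RPATH: prints nothing, returns 0.
# Insecure RPATH: warns on stderr, then either returns 1 (FEATURES has
# "stricter") or prints the cleaned RPATH and returns 0.
check_rpath() {
    file=$1 rpath=$2
    clean=$(sanitize_rpath "$rpath" "$3")
    [ "$clean" = "$rpath" ] && return 0
    echo "QA Notice: insecure RUNPATH '$rpath' in $file" >&2
    case " ${FEATURES-} " in
        *" stricter "*) return 1 ;;
    esac
    printf '%s\n' "$clean"
}

# Constructed sample input: a library whose RUNPATH leaked the build directory.
FEATURES="sandbox" check_rpath usr/lib/libfoo.so \
    "/usr/lib:/var/tmp/portage/foo-1.0/work/foo-1.0/.libs" \
    "/var/tmp/portage/foo-1.0"
```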
*** Bug 117335 has been marked as a duplicate of this bug. ***
Backported to portage/main/branches/2.0.54/bin
This should be closed