Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Insecure RPATH #42

Open
orbisvicis opened this issue Jul 27, 2013 · 1 comment
Open

Insecure RPATH #42

orbisvicis opened this issue Jul 27, 2013 · 1 comment

Comments

@orbisvicis
Copy link

RPATH is automatically set by libtool to:
jbig2enc/src/.libs

On most builds, is such that any user can create RPATH, into which malicious libraries can be placed.

RPATH isn't necessary if the resulting library will be placed in the dynamic loader's (ld.so) system paths (the case with --prefix="/usr" or --prefix="/usr/local")

I suggest adding --disable-rpath configure option, so that user-prefix installations can still work (as well as other OSs) rather than simply disabling RPATH.

I also don't know how to do this.
@zdenop zdenop mentioned this issue Jan 6, 2014
Merged
agl added a commit that referenced this issue Apr 7, 2014
@agl
Merge pull request #43 from zdenop/upstream-rpath
0693dcd 
configure: add option '--disable-rpath' (Issue #42)
@jsonn
Copy link

jsonn commented Dec 9, 2014

This is wrong. The only reason why you should end up with an rpath of .../.libs is if you forgot to run libtool --mode=install.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@jsonn @orbisvicis