-
Notifications
You must be signed in to change notification settings - Fork 86
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Insecure RPATH #42
Comments
agl
added a commit
that referenced
this issue
Apr 7, 2014
configure: add option '--disable-rpath' (Issue #42)
This is wrong. The only reason why you should end up with an rpath of .../.libs is if you forgot to run libtool --mode=install. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
RPATH is automatically set by libtool to:
jbig2enc/src/.libs
On most builds, is such that any user can create RPATH, into which malicious libraries can be placed.
RPATH isn't necessary if the resulting library will be placed in the dynamic loader's (ld.so) system paths (the case with --prefix="/usr" or --prefix="/usr/local")
I suggest adding --disable-rpath configure option, so that user-prefix installations can still work (as well as other OSs) rather than simply disabling RPATH.
I also don't know how to do this.
The text was updated successfully, but these errors were encountered: