1 |
begin quote |
2 |
On 23 Apr 2004 15:09:26 -0400 |
3 |
Ned Ludd <solar@g.o> wrote: |
4 |
|
5 |
> |
6 |
> KDE/QT really needs to be careful with linking. I've done a rather |
7 |
> quick audit of ELF RPATH and KDE/QT is keeps RPATH's set to |
8 |
> /var/tmp/portage*. |
9 |
> This is very bad.. If say a user would do something as silly as |
10 |
> symlink /var/tmp and /tmp then complete control of the system could be |
11 |
> gained |
12 |
|
13 |
|
14 |
actually its not overly silly thing to do (symlink or bind mount) as the |
15 |
things in /var/tmp/portage arent really persistant between reboots (as |
16 |
the data in /var should be) . So from a users perspective it might even |
17 |
be seen as a "good thing(tm)". |
18 |
|
19 |
So yes, a check on the RPATH is good. |
20 |
|
21 |
//Spider |
22 |
|
23 |
-- |
24 |
begin .signature |
25 |
Tortured users / Laughing in pain |
26 |
See Microsoft KB Article Q265230 for more information. |
27 |
end |