| 1 |
begin quote |
| 2 |
On 23 Apr 2004 15:09:26 -0400 |
| 3 |
Ned Ludd <solar@g.o> wrote: |
| 4 |
|
| 5 |
> |
| 6 |
> KDE/QT really needs to be careful with linking. I've done a rather |
| 7 |
> quick audit of ELF RPATH and KDE/QT is keeps RPATH's set to |
| 8 |
> /var/tmp/portage*. |
| 9 |
> This is very bad.. If say a user would do something as silly as |
| 10 |
> symlink /var/tmp and /tmp then complete control of the system could be |
| 11 |
> gained |
| 12 |
|
| 13 |
|
| 14 |
actually its not overly silly thing to do (symlink or bind mount) as the |
| 15 |
things in /var/tmp/portage arent really persistant between reboots (as |
| 16 |
the data in /var should be) . So from a users perspective it might even |
| 17 |
be seen as a "good thing(tm)". |
| 18 |
|
| 19 |
So yes, a check on the RPATH is good. |
| 20 |
|
| 21 |
//Spider |
| 22 |
|
| 23 |
-- |
| 24 |
begin .signature |
| 25 |
Tortured users / Laughing in pain |
| 26 |
See Microsoft KB Article Q265230 for more information. |
| 27 |
end |
Archives