| 1 |
On Fri, 2004-04-23 at 16:24, Spider wrote: |
| 2 |
> begin quote |
| 3 |
> On 23 Apr 2004 15:09:26 -0400 |
| 4 |
> Ned Ludd <solar@g.o> wrote: |
| 5 |
> |
| 6 |
> > |
| 7 |
> > KDE/QT really needs to be careful with linking. I've done a rather |
| 8 |
> > quick audit of ELF RPATH and KDE/QT is keeps RPATH's set to |
| 9 |
> > /var/tmp/portage*. |
| 10 |
> > This is very bad.. If say a user would do something as silly as |
| 11 |
> > symlink /var/tmp and /tmp then complete control of the system could be |
| 12 |
> > gained |
| 13 |
> |
| 14 |
> |
| 15 |
> actually its not overly silly thing to do (symlink or bind mount) as the |
| 16 |
> things in /var/tmp/portage arent really persistant between reboots (as |
| 17 |
> the data in /var should be) . So from a users perspective it might even |
| 18 |
> be seen as a "good thing(tm)". |
| 19 |
|
| 20 |
Perhaps our install guides should updated to reflect this should never |
| 21 |
be done. |
| 22 |
|
| 23 |
> |
| 24 |
> So yes, a check on the RPATH is good. |
| 25 |
> |
| 26 |
> //Spider |
| 27 |
-- |
| 28 |
Ned Ludd <solar@g.o> |
| 29 |
Gentoo Linux Developer |
Archives