Archives
Archives
| From: | Mike Frysinger <vapier@g.o> | ||
|---|---|---|---|
| To: | gentoo-portage-dev@l.g.o | ||
| Subject: | Re: [gentoo-portage-dev] New preserve-libs feature | ||
| Date: | Sat, 17 Feb 2007 14:03:36 | ||
| Message-Id: | 200702170903.25307.vapier@gentoo.org | ||
| In Reply to: | Re: [gentoo-portage-dev] New preserve-libs feature by Simon Stelling |
||
| 1 | On Saturday 17 February 2007, Simon Stelling wrote: |
| 2 | > Using preserve-libs it would leave the old lib around, |
| 3 | > making it possible for programs to link against the wrong version and |
| 4 | > ending up being vulnerable. |
| 5 | |
| 6 | generally, this is incorrect |
| 7 | |
| 8 | the only way you could link against it is if you were to actually specify the |
| 9 | full path to the library: |
| 10 | ... /usr/lib/libfoo.so.3 ... |
| 11 | |
| 12 | and since that's invalid usage, there is no real security impact |
| 13 | -mike |
| Subject | Author |
|---|---|
| Re: [gentoo-portage-dev] New preserve-libs feature | Brian Harring <ferringb@×××××.com> |