From: | Mike Frysinger <vapier@g.o> | ||
---|---|---|---|
To: | gentoo-portage-dev@l.g.o | ||
Subject: | Re: [gentoo-portage-dev] New preserve-libs feature | ||
Date: | Sat, 17 Feb 2007 14:03:36 | ||
Message-Id: | 200702170903.25307.vapier@gentoo.org | ||
In Reply to: | Re: [gentoo-portage-dev] New preserve-libs feature by Simon Stelling |
1 | On Saturday 17 February 2007, Simon Stelling wrote: |
2 | > Using preserve-libs it would leave the old lib around, |
3 | > making it possible for programs to link against the wrong version and |
4 | > ending up being vulnerable. |
5 | |
6 | generally, this is incorrect |
7 | |
8 | the only way you could link against it is if you were to actually specify the |
9 | full path to the library: |
10 | ... /usr/lib/libfoo.so.3 ... |
11 | |
12 | and since that's invalid usage, there is no real security impact |
13 | -mike |
Subject | Author |
---|---|
Re: [gentoo-portage-dev] New preserve-libs feature | Brian Harring <ferringb@×××××.com> |