
RE: rpath (was Re: Two questions about policy)

On Fri, 6 Oct 2000 arto.astala@nokia.com wrote:

> If you want to use rpath then you might want to check it with
> somebody with experience in security (Debian security team?),

rpath has some advantages in this case over hardwiring the paths into the
executable (for example, you can add paths at runtime with
LD_LIBRARY_PATH), but I think this is going to cause too much trouble.

> I think one of the arguments was about security. I may be
> totally off here, but IIRC rpath also checks an environment
> variable and this is considered very insecure.

The environment is checked at each dlopen() except if the args to dlopen()
specify the full path or the program is a setuid application. rpath is no
less secure than programs without an rpath, but they help avoid trouble by
allowing the user to put libraries specific to a certain package
(regina comes to mind :-) ) into a separate subdir and specifying it in
the rpath of the regina binaries, so that these programs still find their
libraries, but other programs don't.


GPG public key available from http://phobos.fs.tum.de/pgp/Simon.Richter.asc
 Fingerprint: A319 A60F 20F6 C8A4 3C86  54B4 99CD AC6E 79D1 B1E7
Hi! I'm a .signature virus! Copy me into your ~/.signature to help me spread!
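
The lookup order discussed in this message, as an added example that is not part of the original post: a small Python model of the directory search glibc's ld.so documents in ld.so(8) for a library name. The library name libregina.so, the directories and the file set are constructed, and the ld.so.cache step is left out of the model.

```python
# Model of the documented ld.so search order; illustration only, not linker code.
DEFAULT_DIRS = ["/lib", "/usr/lib"]

def split_path(value):
    """Split a colon-separated directory list; this model skips empty entries."""
    return [d for d in (value or "").split(":") if d]

def search_order(name, rpath=None, runpath=None, ld_library_path=None, secure=False):
    """Directories searched, in order, for library `name`.

    secure=True models secure-execution mode (for example a setuid program),
    in which LD_LIBRARY_PATH is ignored.
    """
    if "/" in name:
        return []                      # a name with a slash is used as a path
    dirs = []
    if not runpath:                    # DT_RPATH is ignored when DT_RUNPATH exists
        dirs += split_path(rpath)
    if not secure:
        dirs += split_path(ld_library_path)
    dirs += split_path(runpath)
    return dirs + DEFAULT_DIRS

def resolve(name, files, **kw):
    """First path in `files` (a set of existing paths) that satisfies `name`."""
    if "/" in name:
        return name if name in files else None
    for d in search_order(name, **kw):
        candidate = d.rstrip("/") + "/" + name
        if candidate in files:
            return candidate
    return None

# Constructed file system: a package-private copy and a copy in a user directory.
FILES = {"/usr/lib/regina/libregina.so", "/home/user/lib/libregina.so"}

if __name__ == "__main__":
    cases = {
        "rpath only": dict(rpath="/usr/lib/regina"),
        "no rpath, no env": dict(),
        "env only": dict(ld_library_path="/home/user/lib"),
        "rpath + env": dict(rpath="/usr/lib/regina", ld_library_path="/home/user/lib"),
        "env only, setuid": dict(ld_library_path="/home/user/lib", secure=True),
    }
    for label, kw in cases.items():
        print(f"{label:18} -> {resolve('libregina.so', FILES, **kw)}")
```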
