[Proposal] binaries must not have rpath outside /usr/lib/<dir>/
Hello Debian-policy,
I would propose to forbid improper rpath in binaries.
Looking here I see 3 cases:
<http://lintian.debian.org/reports/Tbinary-or-shlib-defines-rpath.html>
1) rpath to /usr/lib/<dir>/: this is probably OK at least if the
libraries in /usr/lib/<dir>/ are shipped in the same package
(10.2. par 6-7).
2) rpath to /usr/lib and to /usr/X11R6/lib: this is useless and can
cause problems if we move /usr/X11R6/lib to /usr/lib or /usr/lib to /lib
(hurd). This has been deprecated since the libc6 transition.
3) rpath to the build environment: this can be a security hole on
a system where perchance the path leads to a user writable directory.
So I would propose for policy to explicitly forbid 2) and 3).
Opinions?
Cheers,
--
Bill. <ballombe@debian.org>
Imagine a large red swirl here.
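
The three cases in the message above can be checked mechanically from `readelf -d` output. The following is an added example, not part of the original message and not lintian's code. The sample dynamic section is constructed, `classify` and `audit` are hypothetical names, and treating every entry outside cases 1 and 2 as case 3 is an assumption.

```python
import re
from posixpath import normpath

# Matches the RPATH / RUNPATH rows printed by `readelf -d`.
DYN_RE = re.compile(r"\((?:RPATH|RUNPATH)\)\s+Library (?:rpath|runpath): \[(.*)\]")

# Case 2 of the proposal: directories named there as useless in an rpath.
DEFAULT_DIRS = {"/usr/lib", "/usr/X11R6/lib"}

# Constructed sample input, not taken from a real package.
SAMPLE = """\
Dynamic section at offset 0x2e08 contains 3 entries:
  Tag        Type                         Name/Value
 0x0000000000000001 (NEEDED)             Shared library: [libc.so.6]
 0x000000000000000f (RPATH)              Library rpath: [/usr/lib/foo:/usr/X11R6/lib:/home/builder/src/foo/.libs]
"""


def classify(entry):
    """Return the proposal's case number (1, 2 or 3) for one rpath entry."""
    # Normalise first so "/usr/lib/" and "/usr/lib/../../tmp" are judged
    # by the directory they actually name.
    path = normpath(entry) if entry else ""
    if path in DEFAULT_DIRS:
        return 2
    if path.startswith("/usr/lib/"):
        # Case 1: still needs a manual check that the libraries in that
        # directory ship in the same package.
        return 1
    # Assumption: everything else (build tree, relative or empty entries)
    # is handled like case 3, since nothing guarantees who can write there.
    return 3


def audit(readelf_output):
    """Return (entry, case) pairs for every rpath entry in the output."""
    findings = []
    for line in readelf_output.splitlines():
        match = DYN_RE.search(line)
        if match:
            for entry in match.group(1).split(":"):
                findings.append((entry, classify(entry)))
    return findings


if __name__ == "__main__":
    for entry, case in audit(SAMPLE):
        verdict = "ok, verify package contents" if case == 1 else "forbidden by the proposal"
        print(f"case {case}: {entry!r} ({verdict})")
```
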