Re: [Proposal] binaries must not have rpath outside /usr/lib/<dir>/
On Wed, Nov 30, 2005 at 01:04:45PM +0000, Ian Jackson wrote:
> Bill Allombert writes ("[Proposal] binaries must not have rpath outside /usr/lib/<dir>/"):
> > 3) rpath to the build environment: this can be a security hole on
> > a system where perchance the path leads to a user-writable directory.
>
> Any package like that is of course definitely wrong, and we don't need
> to read the policy manual to know this. I think this is one of those
> rare cases where it's worth specifically mentioning a kind of bug that
> often occurs, to help people avoid it.
>
> I'm pointing this out because there seems to be some opposition to
> putting things in the policy manual that are just obvious bugs.

I agree, but if we are going to mention 2) we may as well mention 3),
which is actually more frequent.

> On the other hand, your subject says
> Subject: Re: [Proposal] binaries must not have rpath outside /usr/lib/<dir>/
> which I'm not wholly convinced by.
>
> Just as one example, a program might reasonably have an rpath in
> /usr/local/lib/<package>/. And there might be other reasons why
> unusual rpaths would be right.

My first subject (not text) was "[Proposal] binaries must not have
rpath" but I thought someone would complain so I changed it. I don't
think the subject line can ever do justice to the text. If you have a
better subject (and/or wording), be my guest!

Cheers,
--
Bill. <ballombe@debian.org>
Imagine a large red swirl here.
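
An added example, not part of the original message or of any Debian tooling: a small lint pass over `readelf -d` output that flags rpath entries outside /usr/lib/<dir>/ and entries that resolve to a user-writable location, which is case 3) discussed in the thread. The function names and the sample output are constructed for illustration, and checking only the nearest existing ancestor directory is a simplifying assumption.

```python
import os
import re
import stat

# Matches the RPATH / RUNPATH lines printed by `readelf -d <binary>`.
DYN_RE = re.compile(r"\((RPATH|RUNPATH)\)\s+Library (?:rpath|runpath): \[(.*)\]")

# Constructed sample of `readelf -d` output (not taken from a real package).
SAMPLE = """\
 0x0000000000000001 (NEEDED)             Shared library: [libfoo.so.1]
 0x000000000000000f (RPATH)              Library rpath: [/home/builder/foo-1.0/.libs:/usr/lib/foo]
"""

def rpath_entries(readelf_output):
    """Return (tag, directory) pairs; empty components are kept and flagged later."""
    found = []
    for tag, value in DYN_RE.findall(readelf_output):
        found += [(tag, d) for d in value.split(":")]
    return found

def inside_usr_lib_dir(path):
    """True only for /usr/lib/<dir>/ or deeper, after resolving '.' and '..'."""
    parts = os.path.normpath(path).split("/")
    return path.startswith("/") and parts[1:3] == ["usr", "lib"] and len(parts) > 3

def user_writable(path):
    """True if the directory, or its nearest existing ancestor when the
    directory is missing, is group/world-writable or not owned by root."""
    while not os.path.isdir(path):
        path = os.path.dirname(path)
    st = os.stat(path)
    return bool(st.st_mode & (stat.S_IWGRP | stat.S_IWOTH)) or st.st_uid != 0

def audit(readelf_output, writable=user_writable):
    """Classify every rpath entry; `writable` is injectable for testing."""
    report = []
    for tag, d in rpath_entries(readelf_output):
        if d.startswith("/") and writable(d):
            verdict = "user-writable"
        elif inside_usr_lib_dir(d):
            verdict = "ok"
        else:
            verdict = "outside /usr/lib/<dir>/"
        report.append((tag, d, verdict))
    return report

if __name__ == "__main__":
    for row in audit(SAMPLE):
        print(*row, sep="\t")
```

Relative, empty and `$ORIGIN`-based entries are reported as outside /usr/lib/<dir>/ rather than resolved, since their meaning depends on where the binary is installed or run.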