Re: first draft of "relocatable" module
From: Bruno Haible
Subject: Re: first draft of "relocatable" module
Date: Sun, 4 Mar 2007 21:15:45 +0100
User-agent: KMail/1.5.4

Hello Ralf,
> > > > for example, --prefix=/tmp/inst$$.
> > >
> > > This bit doesn't. Since /tmp is usually world-writable, you've got your
> > > attack vector already.
> ... So after you've installed
> your stuff, at some point /tmp/inst$$ is removed again (possibly even by
> you). At that time, I can write to /tmp/inst$$. I can usually even
> look at your binaries (in the final location) first to find out about
> the value of $$ that was used by you at 'make install' time.
>
> That's a trivial attack on the systems where run path overrides the
> shared library path variable.

Thanks for explaining. It's not trivial - you have to know a bit about
LD_LIBRARY_PATH, -rpath, LD_RUN_PATH and the like, in order to understand it.

If we recommend to use

    ./configure --enable-relocatable --prefix=/etc
    make
    make install DESTDIR=/tmp/inst$$

then there should not be a security problem any more, right?

Bruno
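
Added example, not part of the original message or of the "relocatable" module: a check for the run-path problem discussed above, which flags RPATH/RUNPATH directories that are world-writable or that no longer exist under a world-writable ancestor. It assumes the input is the text printed by `readelf -d`; the sample output and the function names are constructed for illustration.

```python
import os
import re
import stat

# Constructed sample of `readelf -d` output for a binary linked with
# --prefix=/tmp/inst4242 (the PID value 4242 is made up for illustration).
SAMPLE = """\
 0x0000000000000001 (NEEDED)             Shared library: [libfoo.so.1]
 0x000000000000001d (RUNPATH)            Library runpath: [/tmp/inst4242/lib:/usr/lib]
"""

# RPATH/RUNPATH rows as printed by `readelf -d`.
RUNPATH_RE = re.compile(r"\((?:RPATH|RUNPATH)\)\s+Library r(?:un)?path: \[(.*?)\]")

def runpath_dirs(readelf_output):
    """Return every directory named in RPATH/RUNPATH entries."""
    dirs = []
    for match in RUNPATH_RE.finditer(readelf_output):
        dirs.extend(d for d in match.group(1).split(":") if d)
    return dirs

def world_writable(path):
    return bool(os.stat(path).st_mode & stat.S_IWOTH)

def audit_dir(directory):
    """Return why other local users could plant a library here, or None."""
    if not os.path.isabs(directory):
        return "not absolute ($ORIGIN or relative); review by hand"
    path = os.path.normpath(directory)
    if os.path.exists(path):
        return "world-writable" if world_writable(path) else None
    # Missing directory: whoever may write to the nearest existing
    # ancestor can re-create it, as with a removed /tmp/inst$$.
    ancestor = os.path.dirname(path)
    while not os.path.exists(ancestor):
        ancestor = os.path.dirname(ancestor)
    if world_writable(ancestor):
        return "missing; creatable by anyone under " + ancestor
    return None

def audit(readelf_output):
    """Map each risky run-path directory to the reason it was flagged."""
    findings = {d: audit_dir(d) for d in runpath_dirs(readelf_output)}
    return {d: why for d, why in findings.items() if why}

if __name__ == "__main__":
    for directory, why in audit(SAMPLE).items():
        print(directory + ": " + why)
```

A binary configured with the final prefix and staged through DESTDIR, as proposed in the message, carries only the final prefix in its run path, so nothing under /tmp appears in the output.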