Hello Ralf,
> > > > for example, --prefix=/tmp/inst$$.
> > >
> > > This bit doesn't. Since /tmp is usually world-writable, you've got your
> > > attack vector already.
> ... So after you've installed
> your stuff, at some point /tmp/inst$$ is removed again (possibly even by
> you). At that time, I can write to /tmp/inst$$. I can usually even
> look at your binaries (in the final location) first to find out about
> the value of $$ that was used by you at 'make install' time.
>
> That's a trivial attack on the systems where run path overrides the
> shared library path variable.

Thanks for explaining. It's not trivial - you have to know a bit about
LD_LIBRARY_PATH, -rpath, LD_RUN_PATH and the like, in order to understand it.

If we recommend using

  ./configure --enable-relocatable --prefix=/etc
  make
  make install DESTDIR=/tmp/inst$$

then there should not be a security problem any more, right?

Bruno
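
The run path concern raised in this thread can be checked on an installed binary. The following is an added example, not part of the original message: it parses `readelf -d` output and flags RPATH/RUNPATH entries that are relative, world-writable, or missing beneath a world-writable directory (the /tmp/inst$$ case). The sample output and all function names are constructed for illustration.

```python
import os
import re
import stat

# Constructed sample of `readelf -d` output (not taken from a real binary).
SAMPLE_READELF = """\
 0x0000000000000001 (NEEDED)             Shared library: [libfoo.so.1]
 0x000000000000001d (RUNPATH)            Library runpath: [/tmp/inst4242/lib:/usr/lib]
"""

_RUNPATH_RE = re.compile(r"\((RPATH|RUNPATH)\).*\[(.*)\]")


def runpath_entries(readelf_output):
    """Return every directory listed on DT_RPATH / DT_RUNPATH lines."""
    entries = []
    for line in readelf_output.splitlines():
        m = _RUNPATH_RE.search(line)
        if m:
            entries.extend(m.group(2).split(":"))
    return entries


def nearest_existing(path):
    """Walk up from path until a component that exists is found."""
    path = os.path.abspath(path)
    while not os.path.exists(path):
        path = os.path.dirname(path)
    return path


def risky_reason(entry):
    """Return why another local user could plant a library here, else None."""
    if entry.startswith(("$ORIGIN", "${ORIGIN}")):
        return None  # depends on where the binary itself is installed
    if not entry.startswith("/"):
        return "empty or relative entry resolves against the current directory"
    base = nearest_existing(entry)
    if os.stat(base).st_mode & stat.S_IWOTH:
        if base == os.path.abspath(entry):
            return "directory is world-writable"
        return "missing; anyone can create it under world-writable " + base
    return None


def audit(readelf_output):
    """Map each risky run path entry to the reason it was flagged."""
    return {e: r for e in runpath_entries(readelf_output) if (r := risky_reason(e))}
```

Only the entry itself, or its nearest existing ancestor when it is missing, is inspected; ownership and permissions higher up the path are outside what this check covers.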