Bug#359234: libapache2-svn: modules have trapdoor rpath /tmp/svn

Bill Allombert Mon, 27 Mar 2006 04:38:57 -0800

Package: libapache2-svn
Version: 1.3.0-4
Severity: grave
Tags: security

Hello Guilherme,


libapache2-svn modules have a rpath pointing to /tmp:

%chrpath usr/lib/apache2/modules/mod_*
usr/lib/apache2/modules/mod_authz_svn.so: 
RPATH=/tmp/svn/subversion-1.3.0/BUILD/subversion/libsvn_subr/.libs:/tmp/svn/subversion-1.3.0/BUILD/subversion/libsvn_repos/.libs
usr/lib/apache2/modules/mod_dav_svn.so: 
RPATH=/tmp/svn/subversion-1.3.0/BUILD/subversion/libsvn_repos/.libs:/tmp/svn/subversion-1.3.0/BUILD/subversion/libsvn_fs/.libs:/tmp/svn/subversion-1.3.0/BUILD/subversion/libsvn_delta/.libs:/tmp/svn/subversion-1.3.0/BUILD/subversion/libsvn_subr/.libs

Since /tmp/ is user-writable, this allows local users to install rogue
libraries that will be linked by the modules.

Cheers,
-- 
Bill. <[EMAIL PROTECTED]>

Imagine a large red swirl here. 


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Bug#359234: libapache2-svn: modules have trapdoor rpath /tmp/svn

Reply via email to