Package: marble
Version: 0.6+svn837399-1
Severity: serious
Tags: security

Hello Carsten,
the amd64 marble package includes an ELF file
/usr/lib/marble/plugins/libMarbleStarsPlugin.so with an rpath pointing to
/tmp/buildd/marble-0.6+svn837399/debian/tmp/usr/.

There are others:

$ chrpath /usr/lib/marble/plugins/*
/usr/lib/marble/plugins/libCompassFloatItem.so: RPATH=/tmp/buildd/marble-0.6+svn837399/debian/tmp/usr/
/usr/lib/marble/plugins/libMapScaleFloatItem.so: RPATH=/tmp/buildd/marble-0.6+svn837399/debian/tmp/usr/
/usr/lib/marble/plugins/libMarbleOverviewMap.so: RPATH=/tmp/buildd/marble-0.6+svn837399/debian/tmp/usr/
/usr/lib/marble/plugins/libMarbleStarsPlugin.so: RPATH=/tmp/buildd/marble-0.6+svn837399/debian/tmp/usr/

This allows an attacker with write access to that directory to
add modified libraries which will be loaded when someone
else runs marble.

Cheers,
-- 
Bill. <[EMAIL PROTECTED]>

Imagine a large red swirl here. 
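
Added example, not part of the original report: a packaging-time check that reads chrpath output and flags every RPATH/RUNPATH entry that is relative or falls outside a set of trusted library directories, which is the condition reported above. The trusted prefix list, the function names and the sample lines other than the marble one are assumptions made for illustration.

```python
import posixpath
import re

# Assumption: directories that only root can write to on the target system.
TRUSTED_PREFIXES = ("/usr/lib", "/usr/lib64", "/usr/local/lib", "/lib", "/lib64")

# Constructed sample in chrpath's output shape; the first entry is wrapped
# across two lines, as happens when the output is pasted into mail.
SAMPLE = """\
/usr/lib/marble/plugins/libCompassFloatItem.so:
RPATH=/tmp/buildd/marble-0.6+svn837399/debian/tmp/usr/
/usr/lib/example/libgood.so: RPATH=/usr/lib/example
/usr/lib/example/libmixed.so: RUNPATH=$ORIGIN/../lib:/usr/lib/../../home/builder/lib:plugins
/usr/lib/example/libnone.so: no rpath or runpath tag found.
"""

TAG = re.compile(r"^(?:(?P<file>.+?):\s*)?(?P<tag>RPATH|RUNPATH)=(?P<value>.*)$")

def classify(entry):
    """Return a reason string if the search-path entry is unsafe, else None."""
    # Assumption: $ORIGIN entries are accepted, since they resolve relative to
    # the directory the object itself is installed in.
    if entry.startswith(("$ORIGIN", "${ORIGIN}")):
        return None
    if not entry.startswith("/"):
        return "not an absolute path"
    norm = posixpath.normpath(entry)  # collapse ".." before comparing prefixes
    if any(norm == p or norm.startswith(p + "/") for p in TRUSTED_PREFIXES):
        return None
    return "outside trusted library directories"

def audit_chrpath(output):
    """Return (file, tag, entry, reason) for every unsafe RPATH/RUNPATH entry."""
    findings, pending = [], None
    for line in output.splitlines():
        line = line.strip()
        m = TAG.match(line)
        if not m:
            # A bare "file:" line means the tag was wrapped onto the next line.
            pending = line[:-1] if line.endswith(":") else None
            continue
        path = m.group("file") or pending
        pending = None
        for entry in m.group("value").split(":"):
            reason = classify(entry)
            if reason:
                findings.append((path, m.group("tag"), entry, reason))
    return findings
```

Feeding it the output of chrpath over a package's installed ELF files at build time lets the build fail before such a package is uploaded.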


