On Mon, Mar 27, 2006 at 09:10:48PM +0200, Laszlo Boszormenyi wrote: > On Mon, 2006-03-27 at 11:57 -0600, Peter Samuelson wrote: > > [Bill Allombert] > > > libapache2-svn modules have a rpath pointing to /tmp: > [...] > > Extra rpaths are usually > > quite harmless, but you are right, if a buildd builds things in /tmp, > > it can be a security problem. > Err, it seems it was hand compiled. At least the rpath contains > /tmp/svn/subversion-1.3.0 , then I suspect a hand compilation. At least > why a buildd would use /tmp/svn/ as a build path? > > > I'll take another look as soon as I get a chance. > IMHO a bin NMU would be enough in this case. But beware: there's a new > neon package version since then; and I couldn't build the current > Subversion package in a clean SID chroot due to a segfault building the > Java bindings.
Hello Laszlo, A binNMU will change the rpath but not fix the bug: The alpha binary has a rpath of: /build/buildd/subversion-1.3.0/BUILD/subversion/libsvn_subr/.libs:/build/buildd/subversion-1.3.0/BUILD/subversion/libsvn_repos/.libs which is still wrong. Cheers, Bill. -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
