On Mon, Mar 27, 2006 at 09:10:48PM +0200, Laszlo Boszormenyi wrote:
> On Mon, 2006-03-27 at 11:57 -0600, Peter Samuelson wrote:
> > [Bill Allombert]
> > > libapache2-svn modules have a rpath pointing to /tmp:
> [...]
> > Extra rpaths are usually
> > quite harmless, but you are right, if a buildd bu
On Mon, 2006-03-27 at 21:24 +0200, Bill Allombert wrote:
> On Mon, Mar 27, 2006 at 09:10:48PM +0200, Laszlo Boszormenyi wrote:
> > On Mon, 2006-03-27 at 11:57 -0600, Peter Samuelson wrote:
> > > I'll take another look as soon as I get a chance.
> > IMHO a bin NMU would be enough in this case.
> A
On Mon, 2006-03-27 at 11:57 -0600, Peter Samuelson wrote:
> [Bill Allombert]
> > libapache2-svn modules have a rpath pointing to /tmp:
[...]
> Extra rpaths are usually
> quite harmless, but you are right, if a buildd builds things in /tmp,
> it can be a security problem.
Err, it seems it was hand
[Bill Allombert]
> libapache2-svn modules have a rpath pointing to /tmp:
Ah, quite so. I ported the nuke-the-rpaths patch to 1.2.3 but
incompletely, intending to finish it when I got a chance (the part with
the apache modules was very confusing to me). Extra rpaths are usually
quite harmless, b
Package: libapache2-svn
Version: 1.3.0-4
Severity: grave
Tags: security
Hello Guilherme,
libapache2-svn modules have a rpath pointing to /tmp:
%chrpath usr/lib/apache2/modules/mod_*
usr/lib/apache2/modules/mod_authz_svn.so:
RPATH=/tmp/svn/subversion-1.3.0/BUILD/subversion/libsvn_subr/.libs:/tmp
5 matches
Mail list logo