jbig2enc icon indicating copy to clipboard operation
jbig2enc copied to clipboard
verified publisher icon agl

Insecure RPATH

Open orbisvicis opened this issue 12 years ago • 2 comments

RPATH is automatically set by libtool to: jbig2enc/src/.libs

On most builds, is such that any user can create RPATH, into which malicious libraries can be placed.

RPATH isn't necessary if the resulting library will be placed in the dynamic loader's (ld.so) system paths (the case with --prefix="/usr" or --prefix="/usr/local")

I suggest adding --disable-rpath configure option, so that user-prefix installations can still work (as well as other OSs) rather than simply disabling RPATH.

I also don't know how to do this.

orbisvicis avatar Jul 27 '13 19:07 orbisvicis

This is wrong. The only reason why you should end up with an rpath of .../.libs is if you forgot to run libtool --mode=install.

jsonn avatar Dec 09 '14 23:12 jsonn