oss-sec mailing list archives
Re: Running Java across a privilege boundry
From: Jakub Wilk <jwilk () jwilk net>
Date: Thu, 18 Dec 2014 15:46:30 +0100
* Martin Carpenter <mcarpenter () free fr>, 2014-12-18, 14:53:
Could this have been caught in package QA with an automated check on R(UN)PATH?https://bugs.debian.org/754278
Absolutely. Lintian has a check for RPATH (but not for RUNPATH, AFAICT); alas, it doesn't distinguish between security and non-security problems:
https://lintian.debian.org/tags/binary-or-shlib-defines-rpath.html (NB, this is where I spotted the bug.) I requested a separate tag for relative RPATH a while ago: https://bugs.debian.org/732682 Now we "only" need someone to write the code. :-)
(If that exists, how did it get missed? If not, could it be added? Where? https://wiki.debian.org/qa.debian.org).
The wiki page has a link to lintian.debian.org. -- Jakub Wilk
Current thread:
- Re: Running Java across a privilege boundry, (continued)
- Re: Running Java across a privilege boundry Russ Allbery (Nov 22)
- Re: Running Java across a privilege boundry Marc Chadwick (Nov 22)
- Re: Running Java across a privilege boundry Russ Allbery (Nov 22)
- Re: Running Java across a privilege boundry Tim Brown (Nov 22)
- Re: Running Java across a privilege boundry Solar Designer (Nov 23)
- Re: Running Java across a privilege boundry Solar Designer (Nov 25)
- Re: Running Java across a privilege boundry Solar Designer (Dec 08)
- Re: Running Java across a privilege boundry Tim Brown (Dec 18)
- Re: Running Java across a privilege boundry Jakub Wilk (Dec 18)
- Re: Running Java across a privilege boundry Martin Carpenter (Dec 18)
- Re: Running Java across a privilege boundry Jakub Wilk (Dec 18)
- Re: Running Java across a privilege boundry Martin Carpenter (Dec 18)
- Re: Running Java across a privilege boundry Alexander Cherepanov (Dec 18)
- Re: Running Java across a privilege boundry Martin Carpenter (Dec 18)
- Re: Running Java across a privilege boundry Marc Chadwick (Nov 22)
- Re: Running Java across a privilege boundry Russ Allbery (Nov 22)
- Re: Running Java across a privilege boundry Alexander Cherepanov (Dec 18)