oss-sec mailing list archives

Re: Running Java across a privilege boundary


From: Jakub Wilk <jwilk () jwilk net>
Date: Thu, 18 Dec 2014 15:46:30 +0100

* Martin Carpenter <mcarpenter () free fr>, 2014-12-18, 14:53:
> https://bugs.debian.org/754278
> Could this have been caught in package QA with an automated check on R(UN)PATH?

Absolutely. Lintian has a check for RPATH (but not for RUNPATH, AFAICT); alas, it doesn't distinguish between security and non-security problems:
https://lintian.debian.org/tags/binary-or-shlib-defines-rpath.html
(NB, this is where I spotted the bug.)

I requested a separate tag for relative RPATH a while ago:
https://bugs.debian.org/732682
Now we "only" need someone to write the code. :-)

> (If that exists, how did it get missed? If not, could it be added?
> Where? https://wiki.debian.org/qa.debian.org).

The wiki page has a link to lintian.debian.org.

--
Jakub Wilk
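
The kind of check discussed in the message above, as an added example that is not part of the original post and is not Lintian's code: it reads `readelf -d` output, covers both RPATH and RUNPATH, and separates entries that are resolved against the current working directory from absolute ones. The function names, the category labels and the sample dynamic section are assumptions made for this illustration.

```python
import re

# Matches the RPATH / RUNPATH rows printed by `readelf -d <binary>`.
_DYN_RE = re.compile(r"\((RPATH|RUNPATH)\)\s+Library (?:rpath|runpath): \[(.*)\]")

# Constructed sample input (not taken from any real package).
SAMPLE = """\
 0x0000000000000001 (NEEDED)             Shared library: [libc.so.6]
 0x000000000000000f (RPATH)              Library rpath: [/usr/lib/foo:../lib]
 0x000000000000001d (RUNPATH)            Library runpath: [$ORIGIN/../lib:]
"""

def classify_entry(entry):
    """Classify one search-path entry as absolute, origin, relative or empty."""
    if entry == "":
        return "empty"
    if entry.startswith("/"):
        return "absolute"
    if entry.startswith("$ORIGIN") or entry.startswith("${ORIGIN}"):
        return "origin"      # relative to the binary's own location
    return "relative"        # resolved against the process's working directory

def audit_dynamic_section(readelf_output):
    """Return (tag, entry, kind, security_relevant) for each RPATH/RUNPATH entry."""
    findings = []
    for line in readelf_output.splitlines():
        match = _DYN_RE.search(line)
        if not match:
            continue
        tag, value = match.groups()
        for entry in value.split(":"):
            kind = classify_entry(entry)
            # Empty entries are flagged as a conservative choice of this example.
            findings.append((tag, entry, kind, kind in ("relative", "empty")))
    return findings

if __name__ == "__main__":
    for tag, entry, kind, flagged in audit_dynamic_section(SAMPLE):
        marker = "SECURITY" if flagged else "info"
        print(f"{marker:8} {tag:7} {kind:8} [{entry}]")
```

On a real system the input would come from running `readelf -d` on each ELF file in the package; entries marked `origin` are reported as informational only.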

