oss-sec mailing list archives

Re: Running Java across a privilege boundry

From: Alexander Cherepanov <cherepan () mccme ru>
Date: Thu, 18 Dec 2014 18:57:55 +0300

On 2014-12-18 12:45, Jakub Wilk wrote:

* Tim Brown <tmb () 65535 com>, 2014-12-18, 09:18:

The issue for anyone that was interested was as follows:

$ objdump -x /usr/lib/jvm/java-7-openjdk-amd64/jre/bin/java | grep RPATH

 RPATH
$ORIGIN/../lib/amd64/jli:bootstrap/jre/lib/amd64/jli:
$ORIGIN/../lib/amd64:bootstrap/lib/amd64:
$ORIGIN/../jre/lib/amd64:bootstrap/jre/lib/amd64


https://bugs.debian.org/754278

Shouldn't this be tracked as a security issue? I don't see it in Debiansecurity tracker. Why didn't you request CVE for it? Just curious.


--
Alexander Cherepanov

Current thread:

Re: Running Java across a privilege boundry, (continued)
- - - Re: Running Java across a privilege boundry Solar Designer (Nov 23)
    - Re: Running Java across a privilege boundry Solar Designer (Nov 25)
    - Re: Running Java across a privilege boundry Solar Designer (Dec 08)
    - Re: Running Java across a privilege boundry Tim Brown (Dec 18)
    - Re: Running Java across a privilege boundry Jakub Wilk (Dec 18)
    - Re: Running Java across a privilege boundry Martin Carpenter (Dec 18)
    - Re: Running Java across a privilege boundry Jakub Wilk (Dec 18)
    - Re: Running Java across a privilege boundry Martin Carpenter (Dec 18)
    - Re: Running Java across a privilege boundry Alexander Cherepanov (Dec 18)
    - Re: Running Java across a privilege boundry Martin Carpenter (Dec 18)
    - Re: Running Java across a privilege boundry Alexander Cherepanov (Dec 18)