oss-sec mailing list archives

Re: Running Java across a privilege boundary


From: Martin Carpenter <mcarpenter () free fr>
Date: Thu, 18 Dec 2014 18:50:51 +0100

On Thu, 2014-12-18 at 15:46 +0100, Jakub Wilk wrote:

> Absolutely. Lintian has a check for RPATH (but not for RUNPATH, AFAICT);
> alas, it doesn't distinguish between security and non-security problems:
> https://lintian.debian.org/tags/binary-or-shlib-defines-rpath.html

Aha, thanks. Security vs. non-security is perhaps not a disaster:
"serious, certain" would already be an improvement over not flagging
this at all.


> I requested a separate tag for relative RPATH a while ago:
> https://bugs.debian.org/732682
> Now we "only" need someone to write the code. :-)

Great! Is that all we need? The tests reference the Debian policy manual
(package debian-policy):

https://www.debian.org/doc/debian-policy/ch-sharedlibs.html

(for completeness: also sections 10.2, 10.3).

This references neither RPATH nor RUNPATH. Perhaps we need to fix that
first?

Suggested addition:

8.7 RUNPATH and RPATH
Libraries that define RPATH or RUNPATH should ensure that this does not
contain relative paths. This is to prevent an executable from loading a
library from an untrusted location. (This should include the corner
cases whereby the path starts or ends with a colon, or includes two
consecutive colons).


Did I miss anything?
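
Added example (not part of the original message, and not Lintian's code): a sketch of the check discussed above, flagging relative and empty components in RPATH/RUNPATH values taken from `readelf -d` output, including the leading, trailing and double colon cases. The function names and the sample output are constructed for illustration; reporting $ORIGIN separately is an assumption of this sketch, since the message does not mention it.

```python
import re

# Matches the RPATH/RUNPATH lines printed by `readelf -d`.
_DYN_RE = re.compile(r"\((RPATH|RUNPATH)\)\s+Library r(?:un)?path: \[(.*)\]")


def classify_component(comp):
    """Return None for an absolute path, otherwise a short reason string."""
    if comp == "":
        # Produced by a leading colon, a trailing colon, or "::".
        return "empty component"
    if comp.startswith("/"):
        return None
    # Assumption: $ORIGIN is anchored to the object's own directory, so it is
    # reported separately from paths relative to the working directory.
    if comp.startswith(("$ORIGIN", "${ORIGIN}")):
        return "$ORIGIN-relative"
    return "relative path"


def check_search_path(value):
    """Return (index, component, reason) for each non-absolute component."""
    findings = []
    for i, comp in enumerate(value.split(":")):
        reason = classify_component(comp)
        if reason:
            findings.append((i, comp, reason))
    return findings


def scan_readelf(text):
    """Return (tag, value, findings) for every RPATH/RUNPATH line in text."""
    return [(m.group(1), m.group(2), check_search_path(m.group(2)))
            for m in _DYN_RE.finditer(text)]


# Constructed sample of `readelf -d` output (not from a real package).
SAMPLE = """\
 0x000000000000000f (RPATH)              Library rpath: [/usr/lib/foo:lib::/opt/foo/lib:]
 0x000000000000001d (RUNPATH)            Library runpath: [$ORIGIN/../lib:/usr/lib/bar]
"""

if __name__ == "__main__":
    for tag, value, findings in scan_readelf(SAMPLE):
        for idx, comp, reason in findings:
            print(f"{tag}: component {idx} {comp!r}: {reason}")
```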

