![]() |
|
Message-ID: <20141218144630.GA4939@jwilk.net> Date: Thu, 18 Dec 2014 15:46:30 +0100 From: Jakub Wilk <jwilk@...lk.net> To: oss-security@...ts.openwall.com Subject: Re: Running Java across a privilege boundry * Martin Carpenter <mcarpenter@...e.fr>, 2014-12-18, 14:53: >>https://bugs.debian.org/754278 >Could this have been caught in package QA with an automated check on >R(UN)PATH? Absolutely. Lintian has a check for RPATH (but not for RUNPATH, AFAICT); alas, it doesn't distinguish between security and non-security problems: https://lintian.debian.org/tags/binary-or-shlib-defines-rpath.html (NB, this is where I spotted the bug.) I requested a separate tag for relative RPATH a while ago: https://bugs.debian.org/732682 Now we "only" need someone to write the code. :-) >(If that exists, how did it get missed? If not, could it be added? >Where? https://wiki.debian.org/qa.debian.org). The wiki page has a link to lintian.debian.org. -- Jakub Wilk
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.