Date: Thu, 18 Dec 2014 15:46:30 +0100
From: Jakub Wilk <jwilk@...lk.net>
To: oss-security@...ts.openwall.com
Subject: Re: Running Java across a privilege boundry

* Martin Carpenter <mcarpenter@...e.fr>, 2014-12-18, 14:53:
>>https://bugs.debian.org/754278
>Could this have been caught in package QA with an automated check on 
>R(UN)PATH?

Absolutely. Lintian has a check for RPATH (but not for RUNPATH, AFAICT); 
alas, it doesn't distinguish between security and non-security problems:
https://lintian.debian.org/tags/binary-or-shlib-defines-rpath.html
(NB, this is where I spotted the bug.)

I requested a separate tag for relative RPATH a while ago:
https://bugs.debian.org/732682
Now we "only" need someone to write the code. :-)

>(If that exists, how did it get missed? If not, could it be added?
>Where? https://wiki.debian.org/qa.debian.org).

The wiki page has a link to lintian.debian.org.

-- 
Jakub Wilk
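
An added example, not part of the message above and not Lintian's code: a sketch of the check discussed in the thread, which reads `readelf -d` output and separates relative RPATH/RUNPATH entries from absolute and `$ORIGIN`-based ones. The sample output and the function names are constructed for illustration.

```python
import re

# Matches the RPATH / RUNPATH lines printed by `readelf -d`.
DYN_RE = re.compile(r"\((RPATH|RUNPATH)\)\s+Library (?:rpath|runpath): \[(.*)\]")

# Constructed sample (two dynamic-section excerpts merged for brevity).
SAMPLE = """\
Dynamic section at offset 0x2e08 contains 27 entries:
  Tag        Type                         Name/Value
 0x0000000000000001 (NEEDED)             Shared library: [libexample.so.1]
 0x000000000000000f (RPATH)              Library rpath: [/usr/lib/example:lib:]
 0x000000000000001d (RUNPATH)            Library runpath: [$ORIGIN/../lib:../plugins]
"""

def classify(entry):
    """Return 'absolute', 'origin' or 'relative' for one search-path entry."""
    if entry.startswith("/"):
        return "absolute"
    # $ORIGIN is expanded to the directory of the object, not the cwd,
    # so it is reported separately rather than as a relative path.
    if entry.startswith(("$ORIGIN", "${ORIGIN}")):
        return "origin"
    # Everything else depends on the working directory of whoever runs the
    # binary. An empty entry is counted here too, on the assumption that the
    # loader resolves it against the current directory.
    return "relative"

def scan(readelf_output):
    """Yield (tag, entry, kind) for every RPATH and RUNPATH entry."""
    for line in readelf_output.splitlines():
        match = DYN_RE.search(line)
        if match:
            tag, value = match.groups()
            for entry in value.split(":"):
                yield tag, entry, classify(entry)

def relative_entries(readelf_output):
    """Entries that would deserve the separate, security-relevant tag."""
    return [(tag, entry) for tag, entry, kind in scan(readelf_output)
            if kind == "relative"]

if __name__ == "__main__":
    for tag, entry in relative_entries(SAMPLE):
        print(f"relative {tag} entry: {entry!r}")
```
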
