Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Thu, 18 Dec 2014 18:57:55 +0300
From: Alexander Cherepanov <>
Subject: Re: Running Java across a privilege boundry

On 2014-12-18 12:45, Jakub Wilk wrote:
> * Tim Brown <>, 2014-12-18, 09:18:
>> The issue for anyone that was interested was as follows:
>>> $ objdump -x /usr/lib/jvm/java-7-openjdk-amd64/jre/bin/java | grep RPATH
>>>  RPATH
>>> $ORIGIN/../lib/amd64/jli:bootstrap/jre/lib/amd64/jli:
>>> $ORIGIN/../lib/amd64:bootstrap/lib/amd64:
>>> $ORIGIN/../jre/lib/amd64:bootstrap/jre/lib/amd64

Shouldn't this be tracked as a security issue? I don't see it in Debian 
security tracker. Why didn't you request CVE for it? Just curious.

Alexander Cherepanov

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.