Control: tags -1 + moreinfo

On 09.07.2014 14:06, Jakub Wilk wrote:
> Package: openjdk-7-jdk
> Version: 7u60-2.5.0-1
> Severity: important
> Tags: security
>
> Binaries in /usr/lib/jvm/java-7-openjdk-i386/bin/ have their RPATH set to
> relative directories:
> bootstrap/jre/lib/i386
> bootstrap/jre/lib/i386/jli
> bootstrap/lib/i386
>
> This means that the aforementioned tools cannot be securely used if cwd is
> world-writable (e.g. /tmp). If a local malicious user planted a trojaned library
> there, the tools would happily load it.

how did you do this analysis, and how can I reproduce this?
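
A check for the condition described in the report, as an added example that is not part of the original thread and not necessarily the method the reporter used: it parses `readelf -d` output and flags RPATH/RUNPATH entries that the dynamic loader would resolve against the current directory. The sample output is constructed, and treating empty entries as unsafe is a conservative assumption.

```python
import re

# Constructed sample of `readelf -d` output (not taken from the bug report);
# the relative entries mirror the directories quoted in the report.
SAMPLE = """\
Dynamic section at offset 0x1ee8 contains 27 entries:
  Tag        Type                         Name/Value
 0x00000001 (NEEDED)                     Shared library: [libjli.so]
 0x0000000f (RPATH)                      Library rpath: [$ORIGIN/../lib/i386/jli:bootstrap/jre/lib/i386:bootstrap/lib/i386]
"""

# Matches the RPATH / RUNPATH lines printed by `readelf -d`.
ENTRY = re.compile(r"\((RPATH|RUNPATH)\)\s+Library (?:rpath|runpath): \[(.*)\]")


def is_unsafe(entry):
    """True if this search-path entry would be resolved relative to the cwd."""
    if entry == "":
        # Assumption: an empty entry is flagged conservatively as cwd-relative.
        return True
    # Absolute paths and $ORIGIN-anchored paths do not depend on the cwd.
    return not entry.startswith(("/", "$ORIGIN", "${ORIGIN}"))


def relative_rpaths(readelf_output):
    """Return (tag, entry) pairs for every cwd-relative search-path entry."""
    findings = []
    for line in readelf_output.splitlines():
        m = ENTRY.search(line)
        if m:
            tag, value = m.groups()
            findings += [(tag, e) for e in value.split(":") if is_unsafe(e)]
    return findings


if __name__ == "__main__":
    import subprocess
    import sys

    # Usage: python check_rpath.py /usr/lib/jvm/java-7-openjdk-i386/bin/*
    for path in sys.argv[1:]:
        out = subprocess.run(["readelf", "-d", path],
                             capture_output=True, text=True).stdout
        for tag, entry in relative_rpaths(out):
            print(f"{path}: {tag} entry {entry!r} is relative to cwd")
```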

