Package: libgpib-perl Version: 3.2.06-2 Severity: grave Tags: security Hello Robert,
LinuxGpib.so includes a rpath pointing to /tmp/buildd/... %chrpath usr/lib/perl5/auto/LinuxGpib/LinuxGpib.so usr/lib/perl5/auto/LinuxGpib/LinuxGpib.so: RPATH=/tmp/buildd/gpib-3.2.06/build-tree/linux-gpib-3.2.06/language/perl/../../lib/.libs Since /tmp is usr-writable, a local user can install rogue libraries that will be linked by LinuxGpib.so at run time. Cheers, -- Bill. <[EMAIL PROTECTED]> Imagine a large red swirl here. -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
