On Sep 8, 2004, Bob Friesenhahn <[EMAIL PROTECTED]> wrote: > After installing GCC 3.4.2 today, I see that it still suffers from a > libtool bug which may upset builds unless the GCC build directory is > removed. I have reported this bug to the GCC bug tracking system:
It's not exactly a bug. The problem is that libtool can't tell that some directory needed to bring in dep libs is to be used only at build time. We need some mechanism to tell libtool to strip certain directories from the installable .la file, something like -<option> /dir, that would omit options such as -L/dir and -L/dir/* specified in the command line into the build-time .la file, but not into the installable one. I suspect this problem affects many packages that rely on libtool's ability to resolve libtool dep libs given as -Ldir -lib, instead of as dir/libib.la. This happens to be a security issue, since if the build tree is removed and anyone can recreate the same tree (think /tmp/build/gcc/...), all you have to do is create some libraries with carefully-chosen names in there and wait for someone to link a C++ program using libtool and run it. -- Alexandre Oliva http://www.ic.unicamp.br/~oliva/ Red Hat Compiler Engineer [EMAIL PROTECTED], gcc.gnu.org} Free Software Evangelist [EMAIL PROTECTED], gnu.org} _______________________________________________ Libtool mailing list [EMAIL PROTECTED] http://lists.gnu.org/mailman/listinfo/libtool
