Control: tags -1 + moreinfo Am 09.07.2014 14:06, schrieb Jakub Wilk: > Package: openjdk-7-jdk > Version: 7u60-2.5.0-1 > Severity: important > Tags: security > > Binaries in /usr/lib/jvm/java-7-openjdk-i386/bin/ have their RPATH set to > relative directories: > bootstrap/jre/lib/i386 > bootstrap/jre/lib/i386/jli > bootstrap/lib/i386 > > This means that the aforementioned tools cannot be securely used if cwd is > world-writable (e.g. /tmp). If local malicious user planted a trojaned library > there, the tools would happily load it.
how did you do this analysis, and how can I reproduce this? _______________________________________________ Mailing list: https://launchpad.net/~openjdk Post to : [email protected] Unsubscribe : https://launchpad.net/~openjdk More help : https://help.launchpad.net/ListHelp
