Andrew Stitcher commented on PROTON-808:

Privileged executable = executable run as root.

So if root was to ever run one of the executable installed with RPATH pointing 
to a location that people can generally write to then someone with local access 
can get root.

The original exploits were when executables still had their original rpaths and 
were just copied to install locations so that you could exploit by writing to 
the original build location.

In our case the risk is smaller.

I don't understand your comment about different access rights though.

> Binaries have their library locations stripped
> ----------------------------------------------
>                 Key: PROTON-808
>                 URL: https://issues.apache.org/jira/browse/PROTON-808
>             Project: Qpid Proton
>          Issue Type: Bug
>          Components: proton-c
>            Reporter: Justin Ross
>         Attachments: cmake.patch
> 1. Build proton
> 2. Install to /usr/local
> 3. Run "proton"
> -> Blows up, can't find its library
> https://paste.apache.org/gd56
> http://stackoverflow.com/questions/3352041/creating-binary-with-cmake-removes-runtime-path
> The default behavior of cmake is in my opinion wrong, and we should use the 
> fix mentioned in that stackoverflow discussion.

This message was sent by Atlassian JIRA

Reply via email to