On Wednesday, August 14, 2013 9:11:26 AM UTC-7, Volker Braun wrote:
> It has never correctly dealt with rpaths, which is currently a security
> hole if anybody has control of the path where Sage was built.
>
Good point. How common and portable is "chrpath" ? It seems the problem is
rather contained:
$ cd $SAGE_ROOT/local/lib
$ for i in `ls *.so`; do chrpath $i; done | grep RPATH | wc
29 58 1448
sh-4.2$ ls *.so | wc
61 61 832
$ for i in `ls *.so*`; do chrpath $i; done | grep RPATH | awk ' {print $2}'
| sort | uniq
RPATH=$ORIGIN/
RPATH=/usr/local/sage/5.10/local/lib
RPATH=/usr/local/sage/5.10/local/lib/:/usr/local/sage/5.10/local/lib
where we have:
libpolybori.so: RPATH=$ORIGIN/
libecl.so:
RPATH=/usr/local/sage/5.10/local/lib/:/usr/local/sage/5.10/local/lib
and a bunch of other libraries have just
"RPATH=/usr/local/sage/5.10/local/lib".
similar thing for local/bin.
So it seems to me changing RPATH upon relocation might be a doable
operation.
--
You received this message because you are subscribed to the Google Groups
"sage-support" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
To post to this group, send email to [email protected].
Visit this group at http://groups.google.com/group/sage-support.
For more options, visit https://groups.google.com/groups/opt_out.
