Bug#495770: marble has rpath to insecure location (/tmp/buildd/marble-0.6+svn837399/debian/tmp/usr/)

2008-08-20 Thread Bill Allombert
Package: marble
Version: 0.6+svn837399-1
Severity: serious
Tags: security

Hello Carsten,

the amd64 marble package includes an ELF file /usr/lib/marble/plugins/libMarbleStarsPlugin.so with a rpath pointing to /tmp/buildd/marble-0.6+svn837399/debian/tmp/usr/.

There are others: $chrpath


2008-08-20 Thread peter green
#introduces a security hole allowing access to the accounts of users who use the package
severity 495770 grave
tags 495770 +patch
thanks

I have prepared a patch to debian/rules which fixes the issue by removing the rpath from all binaries in that directory. There is also some code in


2008-08-20 Thread Sune Vuorela
Hi!

Isn't building with -DCMAKE_SKIP_RPATH=ON enough to fix it without using chrpath?

/Sune
--
I cannot open a FPU, how does it work?
You cannot turn on a tool for telnetting to the shell of the Fast jumper over a software on the monitor.


2008-08-20 Thread Carsten Wolff
Hi!

On Wednesday 20 August 2008, Bill Allombert wrote:
> the amd64 marble package includes an ELF file /usr/lib/marble/plugins/libMarbleStarsPlugin.so with a rpath pointing to /tmp/buildd/marble-0.6+svn837399/debian/tmp/usr/.

Thanks for reporting this, I will fix it tomorrow morning.

Carsten


2008-08-20 Thread peter green
> isn't building with -DCMAKE_SKIP_RPATH=ON enough to fix it without using chrpath ?

Adding that to the CMAKE= line in debian/rules does indeed deal with the rpath issue.
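
A check for the condition reported in this thread, added here as an example and not taken from any of the messages: it scans `readelf -d` output for RPATH/RUNPATH directories that fall outside trusted system prefixes. The trusted prefix list, the acceptance of `$ORIGIN`, the function names and the sample output are assumptions constructed for illustration; only the /tmp/buildd path comes from the report.

```python
import posixpath
import re

# Assumed policy (not from the thread): only these system directories are trusted.
TRUSTED_PREFIXES = ("/lib", "/lib64", "/usr/lib", "/usr/lib64")

# Matches the RPATH/RUNPATH lines printed by `readelf -d`.
_ENTRY = re.compile(r"\((RPATH|RUNPATH)\)\s+Library (?:rpath|runpath): \[(.*)\]")


def is_trusted(directory):
    """True if a search-path component resolves inside a trusted prefix."""
    if directory.startswith(("$ORIGIN", "${ORIGIN}")):
        return True  # assumption: paths relative to the binary itself are accepted
    if not directory.startswith("/"):
        return False  # empty or relative component: resolved against the cwd
    norm = posixpath.normpath(directory)  # collapses e.g. /usr/lib/../../tmp
    return any(norm == p or norm.startswith(p + "/") for p in TRUSTED_PREFIXES)


def insecure_rpaths(readelf_dynamic_output):
    """Return (tag, component) pairs that point outside the trusted prefixes."""
    findings = []
    for tag, value in _ENTRY.findall(readelf_dynamic_output):
        for component in value.split(":"):
            if not is_trusted(component):
                findings.append((tag, component))
    return findings


# Constructed sample in the format of `readelf -d`; the library name is a
# placeholder and the first rpath component is the one quoted in the report.
SAMPLE = """\
 0x0000000000000001 (NEEDED)             Shared library: [libexample.so.1]
 0x000000000000000f (RPATH)              Library rpath: [/tmp/buildd/marble-0.6+svn837399/debian/tmp/usr/:/usr/lib]
 0x000000000000001d (RUNPATH)            Library runpath: [/usr/lib/../../tmp:$ORIGIN/../lib:]
"""

if __name__ == "__main__":
    for tag, component in insecure_rpaths(SAMPLE):
        print(f"{tag}: untrusted search directory {component!r}")
```

In a package build this would be fed the output of `readelf -d` for each installed ELF file, failing the build on any finding.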