https://gcc.gnu.org/bugzilla/show_bug.cgi?id=85884
Bug ID: 85884 Summary: On --enable-vtable-verify --enable-libvtv libstdc++.so contains insecure runpath after install: Product: gcc Version: 8.0.1 Status: UNCONFIRMED Severity: normal Priority: P3 Component: libstdc++ Assignee: unassigned at gcc dot gnu.org Reporter: slyfox at inbox dot ru Target Milestone: --- Bug originally found by QA tools in Gentoo: https://bugs.gentoo.org/582524 * QA Notice: The following files contain insecure RUNPATHs * /var/tmp/portage/sys-devel/gcc-6.4.0/image/usr/lib/gcc/x86_64-pc-linux-gnu/6.4.0/libstdc++.so.6.0.22 * RPATH: /var/tmp/portage/sys-devel/gcc-6.4.0/work/build/x86_64-pc-linux-gnu/libstdc++-v3/../libvtv/.libs How to reproduce: build/install gcc with --enable-vtable-verify --enable-libvtv and observe RUNPATH leaking into build directory: Directory layout: - gcc source: /home/slyfox/dev/git/gcc - gcc build dir: /home/slyfox/dev/git/gcc-vtv - gcc install dir: /home/slyfox/dev/git/gcc-vtv-installed 1. gcc-vtv $ ../gcc/configure \ \ --prefix="$(pwd)/../gcc-vtv-installed" \ \ --disable-bootstrap \ \ --enable-languages=c,c++ \ --disable-nls \ \ --enable-vtable-verify \ --enable-libvtv \ \ CFLAGS="-O0" CXXFLAGS="-O0" 2. gcc-vtv $ make && make install 3. gcc-vtv $ LANG=C readelf -a ../gcc-vtv-installed/lib32/libstdc++.so.6.0.25 | fgrep gcc-vtv 0x0000001d (RUNPATH) Library runpath: [/home/slyfox/dev/git/gcc-vtv/x86_64-pc-linux-gnu/32/libstdc++-v3/../libvtv/.libs] Note: RUNPATH contains a reference to build directory. It should not. ./configure unconditionally injects -rpath into LDFLAGS at: https://gcc.gnu.org/git/?p=gcc.git;a=blob;f=libstdc%2B%2B-v3/acinclude.m4;h=3bd669a4cc8f5ca07347528b608882e43693a92e;hb=HEAD#l2769 libstdc++-v3/acinclude.m4;h 2753 if test $enable_vtable_verify = yes; then ... 2768 *) 2769 VTV_CXXFLAGS="-fvtable-verify=std -Wl,-u_vtable_map_vars_start,-u_vtable_map_vars_end" 2770 VTV_CXXLINKFLAGS="-L${toplevel_builddir}/libvtv/.libs -Wl,--rpath -Wl,${toplevel_builddir}/libvtv/.libs" 2771 ;; 2772 esac and uses it in make at: https://gcc.gnu.org/git/?p=gcc.git;a=blob;f=libstdc%2B%2B-v3/src/Makefile.am;h=ba30dde8fecbef2990f89d12e0729f3727d86b00;hb=HEAD#l220 libstdc++-v3/src/Makefile.am 216 CXXLINK = \ ... 220 $(VTV_CXXLINKFLAGS) \ It looks like relinking step is missing at install time. Thanks!