Bug#495756: ecl has rpath to insecure location (/tmp/buildd/ecl-0.9j-20080306/build/)

Bill Allombert ballombe at debian.org
Wed Aug 20 08:55:51 UTC 2008

Package: ecl
Version: 0.9j-20080306-4
Severity: serious
Tags: security

Hello Debian Common Lisp Team,
ecl includes a ELF file /usr/lib/ecl/asdf.fas with a rpath pointing to

This allows an attacker with write access to that directory to
add modified libraries which will be loaded when someone
else run ecl.

Bill. <ballombe at debian.org>

Imagine a large red swirl here. 

More information about the pkg-common-lisp-devel mailing list