Bug#495756: ecl has rpath to insecure location (/tmp/buildd/ecl-0.9j-20080306/build/)

Bill Allombert ballombe at debian.org
Wed Aug 20 08:55:51 UTC 2008


Package: ecl
Version: 0.9j-20080306-4
Severity: serious
Tags: security

Hello Debian Common Lisp Team,
ecl includes a ELF file /usr/lib/ecl/asdf.fas with a rpath pointing to
/tmp/buildd/ecl-0.9j-20080306/build/.

This allows an attacker with write access to that directory to
add modified libraries which will be loaded when someone
else run ecl.

Cheers,
-- 
Bill. <ballombe at debian.org>

Imagine a large red swirl here. 





More information about the pkg-common-lisp-devel mailing list