Bug#495756: ecl has rpath to insecure location (/tmp/buildd/ecl-0.9j-20080306/build/)
Bill Allombert
ballombe at debian.org
Wed Aug 20 08:55:51 UTC 2008
Package: ecl
Version: 0.9j-20080306-4
Severity: serious
Tags: security
Hello Debian Common Lisp Team,
ecl includes an ELF file /usr/lib/ecl/asdf.fas with an rpath pointing to
/tmp/buildd/ecl-0.9j-20080306/build/.
This allows an attacker with write access to that directory to
add modified libraries which will be loaded when someone
else runs ecl.
Cheers,
--
Bill. <ballombe at debian.org>
Imagine a large red swirl here.
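A package-audit check for the condition this report describes, as an added example that is not part of the original message or of the ecl packaging: it reads the output of `readelf -d` and reports RPATH/RUNPATH entries that fall outside a trusted set of library directories. The trusted prefix list, the function names and the sample output (apart from the rpath value quoted in the report) are assumptions made for the example.

```python
import posixpath
import re
import subprocess

# Assumed policy for this example: only these root-owned prefixes are trusted.
TRUSTED_PREFIXES = ("/lib", "/usr/lib", "/lib64", "/usr/lib64")

# Matches the RPATH/RUNPATH rows printed by `readelf -d`.
_ROW = re.compile(r"\((RPATH|RUNPATH)\)\s+Library r(?:un)?path: \[(.*)\]")


def insecure_rpaths(readelf_output, trusted=TRUSTED_PREFIXES):
    """Return (tag, entry, reason) for each search-path entry outside `trusted`."""
    findings = []
    for tag, value in _ROW.findall(readelf_output):
        for entry in value.split(":"):
            if not entry.startswith("/"):
                # Empty, relative and $ORIGIN entries depend on where the
                # process or file lives, so they are reported for review.
                reason = "not an absolute path"
            else:
                # Normalise first so /usr/lib/../../tmp is not taken as trusted.
                path = posixpath.normpath(entry)
                if any(path == p or path.startswith(p + "/") for p in trusted):
                    continue
                reason = "outside trusted prefixes"
            findings.append((tag, entry, reason))
    return findings


def scan_file(path):
    """Run `readelf -d` (binutils) on one ELF file and check its output."""
    out = subprocess.run(["readelf", "-d", path], capture_output=True,
                         text=True, check=True).stdout
    return insecure_rpaths(out)


# Constructed sample of `readelf -d` output; only the RPATH value is from the report.
SAMPLE = """\
 0x0000000000000001 (NEEDED)             Shared library: [libexample.so.1]
 0x000000000000000f (RPATH)              Library rpath: [/usr/lib/ecl:/tmp/buildd/ecl-0.9j-20080306/build/]
 0x000000000000001d (RUNPATH)            Library runpath: [/usr/lib/../../tmp/x:$ORIGIN/../lib]
"""

if __name__ == "__main__":
    for finding in insecure_rpaths(SAMPLE):
        print(finding)
```

Running `scan_file` over every ELF file in a built package before upload catches a leftover build-directory rpath like the one reported here.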