Bug#359234: libapache2-svn: modules have trapdoor rpath /tmp/svn
Laszlo Boszormenyi
gcs at lsc.hu
Mon Mar 27 19:10:48 UTC 2006
On Mon, 2006-03-27 at 11:57 -0600, Peter Samuelson wrote:
> [Bill Allombert]
> > libapache2-svn modules have a rpath pointing to /tmp:
[...]
> Extra rpaths are usually
> quite harmless, but you are right, if a buildd builds things in /tmp,
> it can be a security problem.
Err, it seems it was hand compiled. At least the rpath contains
/tmp/svn/subversion-1.3.0 , then I suspect a hand compilation. At least
why a buildd would use /tmp/svn/ as a build path?
> I'll take another look as soon as I get a chance.
IMHO a bin NMU would be enough in this case. But beware: there's a new
neon package version since then; and I couldn't build the current
Subversion package in a clean SID chroot due to a segfault building the
Java bindings.
Regards,
Laszlo/GCS
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 191 bytes
Desc: This is a digitally signed message part
Url : http://lists.alioth.debian.org/pipermail/pkg-subversion-maintainers/attachments/20060327/97856fce/attachment.pgp
More information about the pkg-subversion-maintainers
mailing list