Bug#359234: libapache2-svn: modules have trapdoor rpath /tmp/svn
Bill Allombert
ballombe at debian.org
Mon Mar 27 12:54:15 UTC 2006
Package: libapache2-svn
Version: 1.3.0-4
Severity: grave
Tags: security

Hello Guilherme,

libapache2-svn modules have an rpath pointing to /tmp:

%chrpath usr/lib/apache2/modules/mod_*
usr/lib/apache2/modules/mod_authz_svn.so: RPATH=/tmp/svn/subversion-1.3.0/BUILD/subversion/libsvn_subr/.libs:/tmp/svn/subversion-1.3.0/BUILD/subversion/libsvn_repos/.libs
usr/lib/apache2/modules/mod_dav_svn.so: RPATH=/tmp/svn/subversion-1.3.0/BUILD/subversion/libsvn_repos/.libs:/tmp/svn/subversion-1.3.0/BUILD/subversion/libsvn_fs/.libs:/tmp/svn/subversion-1.3.0/BUILD/subversion/libsvn_delta/.libs:/tmp/svn/subversion-1.3.0/BUILD/subversion/libsvn_subr/.libs

Since /tmp/ is user-writable, this allows local users to install rogue
libraries that will be linked by the modules.

Cheers,
--
Bill. <ballombe at debian.org>
Imagine a large red swirl here.
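
A packaging check for the condition reported above, as an added example that is not part of the original message or of the Debian tooling: it reads chrpath-style output and flags every search-path entry that is relative, world-writable, or missing beneath a world-writable directory. The function names, the sample input and the handling of RUNPATH and $ORIGIN are assumptions made for this example.

```python
import os
import re
import stat

# Line shape taken from the chrpath output quoted in the report.
LINE = re.compile(r"^(?P<obj>.+?): (?:RPATH|RUNPATH)=(?P<paths>.*)$")

def first_existing(path):
    """Walk up from path to the nearest directory that exists on disk."""
    path = os.path.abspath(path)
    while not os.path.exists(path):
        path = os.path.dirname(path)
    return path

def audit_entry(entry, origin="/"):
    """Return a reason string if one search-path entry is unsafe, else None."""
    resolved = entry.replace("${ORIGIN}", origin).replace("$ORIGIN", origin)
    if not resolved.startswith("/"):
        return "empty or relative entry, resolved against the working directory"
    anchor = first_existing(resolved)
    if os.stat(anchor).st_mode & stat.S_IWOTH:
        if anchor == os.path.abspath(resolved):
            return "directory is world-writable"
        return "missing; can be created under world-writable " + anchor
    return None

def audit_chrpath_output(text, root="/"):
    """Return (object, entry, reason) for every unsafe entry in chrpath output."""
    findings = []
    for line in text.splitlines():
        m = LINE.match(line.strip())
        if not m:
            continue  # e.g. objects without an RPATH/RUNPATH tag
        origin = os.path.dirname(os.path.join(root, m["obj"]))
        for entry in m["paths"].split(":"):
            reason = audit_entry(entry, origin)
            if reason:
                findings.append((m["obj"], entry, reason))
    return findings

if __name__ == "__main__":
    # Constructed sample: one entry from the report plus a system directory.
    sample = ("usr/lib/apache2/modules/mod_authz_svn.so: RPATH="
              "/tmp/svn/subversion-1.3.0/BUILD/subversion/libsvn_subr/.libs:/usr/lib")
    for obj, entry, reason in audit_chrpath_output(sample):
        print(f"{obj}: {entry}: {reason}")
```

The sticky bit on /tmp does not help here, since it only restricts renaming and deleting other users' files, not creating the missing directories.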