qpid-proton mailing list archives

From "Rafael H. Schloming (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (PROTON-808) Binaries have their library locations stripped
Date Thu, 12 Feb 2015 23:31:12 GMT

    [ https://issues.apache.org/jira/browse/PROTON-808?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14319223#comment-14319223 ]

Rafael H. Schloming commented on PROTON-808:
--------------------------------------------

I was just observing that it would be unlikely for there to be an exploit if you just run
make install and then don't mess with the resulting tree. As you point out though, if you
copy stuff around, there is still the potential for an exploit.

If we don't want to change what the build does by default, we could just document the appropriate
options for the user to configure the RPATH manually, although I suppose that would constitute
giving people insecure advice. If we do go that route there is kind of an annoying gotcha
with the whole "lib" vs "lib64" thing.

> Binaries have their library locations stripped
> ----------------------------------------------
>
>                 Key: PROTON-808
>                 URL: https://issues.apache.org/jira/browse/PROTON-808
>             Project: Qpid Proton
>          Issue Type: Bug
>          Components: proton-c
>            Reporter: Justin Ross
>         Attachments: cmake.patch
>
>
> 1. Build proton
> 2. Install to /usr/local
> 3. Run "proton"
> -> Blows up, can't find its library
> https://paste.apache.org/gd56
> http://stackoverflow.com/questions/3352041/creating-binary-with-cmake-removes-runtime-path
> The default behavior of cmake is in my opinion wrong, and we should use the fix mentioned
> in that stackoverflow discussion.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
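
An added example, not part of the original message or of the Proton build: one way to review which directories an installed binary's RPATH or RUNPATH tells the loader to search, including the "lib" vs "lib64" variants mentioned above. The `readelf -d` sample, its library name and paths are constructed, and the `TRUSTED` directory list is an assumption to adapt per system.

```python
import posixpath
import re

# Rows of `readelf -d <binary>` that carry a library search path.
_ENTRY = re.compile(r"\((RPATH|RUNPATH)\)\s+Library (?:rpath|runpath): \[(.*)\]")

# Assumption: only these directories are treated as administrator-controlled.
# Both "lib" and "lib64" are listed because distributions differ on which they use.
TRUSTED = ("/lib", "/lib64", "/usr/lib", "/usr/lib64",
           "/usr/local/lib", "/usr/local/lib64")

# Constructed sample of `readelf -d` output (library name and paths are made up).
SAMPLE = """\
 0x0000000000000001 (NEEDED)             Shared library: [libexample.so.2]
 0x000000000000000f (RPATH)              Library rpath: [/usr/local/lib64:/home/build/src/build:]
"""

def search_dirs(readelf_output):
    """Return (tag, directory) pairs in the order they appear."""
    found = []
    for line in readelf_output.splitlines():
        m = _ENTRY.search(line)
        if m:
            found.extend((m.group(1), d) for d in m.group(2).split(":"))
    return found

def classify(directory):
    """Return a reason string if the entry deserves review, else None."""
    if directory == "":
        return "empty entry, resolved against the current working directory"
    if directory.startswith(("$ORIGIN", "${ORIGIN}")):
        return "$ORIGIN, follows the binary wherever the tree is copied"
    if not directory.startswith("/"):
        return "relative path, resolved against the current working directory"
    norm = posixpath.normpath(directory)
    if not any(norm == p or norm.startswith(p + "/") for p in TRUSTED):
        return "outside the trusted library directories"
    return None

def audit(readelf_output):
    """List (tag, directory, reason) for every entry that needs review."""
    findings = []
    for tag, directory in search_dirs(readelf_output):
        reason = classify(directory)
        if reason:
            findings.append((tag, directory, reason))
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(*finding, sep=" | ")
```

Feed `audit()` the real output of `readelf -d` for each installed binary; the trailing colon in the sample produces the empty entry that the check reports.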
