From Bugzilla Helper:
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.0.0) Gecko/20020607

Description of problem:
There is a serious security problem with kdeinit, and possibly several other KDE applications, tools, etc. The following description is for kdelibs-3.0.0-10 as shipped by RedHat 7.3 intel.

Short description:
-----------------
Kdeinit looks for shared libraries in non-system directories. This can allow a malicious local user to gain root access if root runs kde.

Version-Release number of selected component (if applicable):

How reproducible:
Always

Steps to Reproduce:
1. See attachment. Not describable in 3 lines.

Actual Results: Crash (good) and/or loading of arbitrary libraries (bad).

Expected Results: Not search along untrusted relative paths for shared libraries.

Additional info:
Created attachment 66524 [details] Details / Traces of bugreport
coolo at kde dot org pointed out to me that Qt is the culprit. readelf -d /usr/lib/qt3/lib/libqt-mt.so (from qt-3.0.3-11) shows an rpath like '../lib/'. Qt2 seems to be okay.
*** This bug has been marked as a duplicate of 69692 ***
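A check for the condition reported above, added here as an example and not part of the original bug report or of KDE/Qt: it parses `readelf -d` output and classifies each RPATH/RUNPATH component, flagging those that resolve against the process's current working directory. The sample output is constructed (only the '../lib/' entry mirrors the report), and the function names are hypothetical.

```python
import re

# Constructed sample of `readelf -d` output. The '../lib/' component mirrors the
# rpath reported in this bug; every other line is made up for illustration.
SAMPLE = """\
Dynamic section at offset 0x5f2a00 contains 28 entries:
  Tag        Type                         Name/Value
 0x00000001 (NEEDED)                     Shared library: [libX11.so.6]
 0x0000000e (SONAME)                     Library soname: [libqt-mt.so.3]
 0x0000000f (RPATH)                      Library rpath: [../lib/:/usr/X11R6/lib]
 0x0000001d (RUNPATH)                    Library runpath: [$ORIGIN/plugins:/opt/example/lib]
"""

# Matches the RPATH and RUNPATH rows of the dynamic section.
_ENTRY = re.compile(r"\((RPATH|RUNPATH)\)\s+Library r(?:un)?path:\s+\[(.*)\]")


def audit_search_paths(readelf_text):
    """Return (tag, component, verdict) for every RPATH/RUNPATH component."""
    findings = []
    for tag, value in _ENTRY.findall(readelf_text):
        for comp in value.split(":"):
            if comp.startswith("/"):
                verdict = "absolute"
            elif comp.startswith(("$ORIGIN", "${ORIGIN}")):
                # Resolved against the object's own directory, not the cwd.
                verdict = "origin-relative"
            else:
                # Resolved against the caller's cwd; empty components are
                # flagged here too, as a conservative choice.
                verdict = "cwd-relative"
            findings.append((tag, comp, verdict))
    return findings


def unsafe_components(readelf_text):
    """Only the components a user could satisfy from an untrusted directory."""
    return [(t, c) for t, c, v in audit_search_paths(readelf_text)
            if v == "cwd-relative"]


if __name__ == "__main__":
    for tag, comp, verdict in audit_search_paths(SAMPLE):
        print(f"{tag:8} {comp!r:24} {verdict}")
```

To audit an installed library, pass the captured text of `readelf -d <file>` to `unsafe_components` instead of `SAMPLE`.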