From Bugzilla Helper: User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.0.0) Gecko/20020607 Description of problem: All libraries in /usr/lib/qt3/lib contain a relative rpath. So all applications linked against them potentially load untrusted libraries. This is for qt-3.0.3-11 Version-Release number of selected component (if applicable): How reproducible: Always Steps to Reproduce: 1.cd /usr/lib/qt3/lib 2.readelf -d lib*.so* | grep path 3. Additional info: Related with 69575
*** Bug 69575 has been marked as a duplicate of this bug. ***
it's fixed in 3.0.5-17 or newer-
I see paths in libqtmcop* in RHL9. Same problem? The same is true for a whole lot of other libs though...
Took the liberty to reassign this to new owner too.
readelf -d /usr/lib/libqtmcop.so* | grep path 0x0000000f (RPATH) Library rpath: [/usr/lib:/usr/lib/qt-3.1/lib:/usr/X11R6/lib] 0x0000000f (RPATH) Library rpath: [/usr/lib:/usr/lib/qt-3.1/lib:/usr/X11R6/lib] 0x0000000f (RPATH) Library rpath: [/usr/lib:/usr/lib/qt-3.1/lib:/usr/X11R6/lib] i don't see the security problem here.