Bug 69692 - Security problem: libraries contain relative rpath's
Security problem: libraries contain relative rpath's
Status: CLOSED NOTABUG
Product: Red Hat Linux
Classification: Retired
Component: qt (Show other bugs)
7.3
i386 Linux
high Severity medium
: ---
: ---
Assigned To: Ngo Than
Ben Levenson
: Security
: 69575 (view as bug list)
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2002-07-24 11:10 EDT by Bert DeKnuydt
Modified: 2007-03-26 23:55 EDT (History)
2 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2003-04-10 11:11:14 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description Bert DeKnuydt 2002-07-24 11:10:05 EDT
From Bugzilla Helper:
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.0.0) Gecko/20020607

Description of problem:
All libraries in /usr/lib/qt3/lib contain a relative
rpath.  So all applications linked against them
potentially load untrusted libraries.
This is for qt-3.0.3-11

Version-Release number of selected component (if applicable):


How reproducible:
Always

Steps to Reproduce:
1.cd /usr/lib/qt3/lib
2.readelf -d lib*.so* | grep path
3.
	

Additional info:

Related with 69575
Comment 1 Mark J. Cox (Product Security) 2002-08-13 08:10:54 EDT
*** Bug 69575 has been marked as a duplicate of this bug. ***
Comment 2 Ngo Than 2002-08-31 03:31:19 EDT
it's fixed in 3.0.5-17 or newer-
Comment 3 Kjartan Maraas 2003-04-02 18:19:19 EST
I see paths in libqtmcop* in RHL9. Same problem? The same is true for a whole
lot of other libs though...
Comment 4 Kjartan Maraas 2003-04-02 18:20:06 EST
Took the liberty to reassign this to new owner too.
Comment 5 Ngo Than 2003-04-10 11:11:14 EDT
readelf -d /usr/lib/libqtmcop.so* | grep path
0x0000000f (RPATH) Library rpath: [/usr/lib:/usr/lib/qt-3.1/lib:/usr/X11R6/lib]
0x0000000f (RPATH) Library rpath: [/usr/lib:/usr/lib/qt-3.1/lib:/usr/X11R6/lib]
0x0000000f (RPATH) Library rpath: [/usr/lib:/usr/lib/qt-3.1/lib:/usr/X11R6/lib]

i don't see the security problem here.

Note You need to log in before you can comment on or make changes to this bug.