Bug 69692 - Security problem: libraries contain relative rpath's
Summary: Security problem: libraries contain relative rpath's
Alias: None
Product: Red Hat Linux
Classification: Retired
Component: qt (Show other bugs)
(Show other bugs)
Version: 7.3
Hardware: i386 Linux
Target Milestone: ---
Assignee: Ngo Than
QA Contact: Ben Levenson
Keywords: Security
: 69575 (view as bug list)
Depends On:
TreeView+ depends on / blocked
Reported: 2002-07-24 15:10 UTC by Bert DeKnuydt
Modified: 2007-03-27 03:55 UTC (History)
2 users (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Last Closed: 2003-04-10 15:11:14 UTC
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)

Description Bert DeKnuydt 2002-07-24 15:10:05 UTC
From Bugzilla Helper:
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.0.0) Gecko/20020607

Description of problem:
All libraries in /usr/lib/qt3/lib contain a relative
rpath.  So all applications linked against them
potentially load untrusted libraries.
This is for qt-3.0.3-11

Version-Release number of selected component (if applicable):

How reproducible:

Steps to Reproduce:
1.cd /usr/lib/qt3/lib
2.readelf -d lib*.so* | grep path

Additional info:

Related with 69575

Comment 1 Mark J. Cox 2002-08-13 12:10:54 UTC
*** Bug 69575 has been marked as a duplicate of this bug. ***

Comment 2 Ngo Than 2002-08-31 07:31:19 UTC
it's fixed in 3.0.5-17 or newer-

Comment 3 Kjartan Maraas 2003-04-02 23:19:19 UTC
I see paths in libqtmcop* in RHL9. Same problem? The same is true for a whole
lot of other libs though...

Comment 4 Kjartan Maraas 2003-04-02 23:20:06 UTC
Took the liberty to reassign this to new owner too.

Comment 5 Ngo Than 2003-04-10 15:11:14 UTC
readelf -d /usr/lib/libqtmcop.so* | grep path
0x0000000f (RPATH) Library rpath: [/usr/lib:/usr/lib/qt-3.1/lib:/usr/X11R6/lib]
0x0000000f (RPATH) Library rpath: [/usr/lib:/usr/lib/qt-3.1/lib:/usr/X11R6/lib]
0x0000000f (RPATH) Library rpath: [/usr/lib:/usr/lib/qt-3.1/lib:/usr/X11R6/lib]

i don't see the security problem here.

Note You need to log in before you can comment on or make changes to this bug.