Ralf Wildenhues <[EMAIL PROTECTED]> writes:
> * Ben Pfaff wrote on Sun, Mar 04, 2007 at 09:29:53PM CET:
>> Bruno Haible <[EMAIL PROTECTED]> writes:
>>
>> > If we recommend to use
>> >
>> > ./configure --enable-relocatable --prefix=/etc
>> > make
>> > make install DESTDIR=/tmp/inst$$
>> >
>> > then there should not be a security problem any more, right?
>>
>> I tend to just use --prefix=$HOME/inst$$.
>
> FWIW, I like that better, too. Or use some other path that only root
> can write to, like /opt or /nonexistent.
Here's some suggested wording then:
--- relocatable.texi.~1.3.~ 2007-03-03 12:23:49.000000000 -0800
+++ relocatable.texi 2007-03-05 11:37:31.000000000 -0800
@@ -24,12 +24,16 @@ To configure a program to be relocatable
@option{--enable-relocatable} to the @program{configure} command line.
For reliability, it is best to also give a @option{--prefix} option
pointing to an otherwise unused (and never used again) directory,
-e.g.@: @option{--prefix=/tmp/inst$$}. This is recommended because on
+e.g.@: @option{--prefix=$HOME/inst$$} or
[EMAIL PROTECTED]/nonexistent}. This is recommended because on
some OSes the executables remember the location of shared libraries
and prefer them over any other search path. Therefore, such an
executable will look for its shared libraries first in the original
installation directory and only then in the current installation
-directory.
+directory. Locations writable by unprivileged users, such as
[EMAIL PROTECTED]/tmp/inst$$}, are not recommended because such users can
+re-create a directory with the same name after the original directory
+has been removed.
Installation with @option{--enable-relocatable} will not work for
setuid or setgid executables, because such executables search only
--
"...dans ce pays-ci il est bon de tuer de temps en temps un amiral
pour encourager les autres."
--Voltaire, _Candide_
