On 3 Oct 2007, Bruno Haible verbalised: > Sylvain Beucler wrote: >> What security issues, by the way? I (re)read the docs but I don't see >> what it is. > > No no, I won't tell anyone how the exploit works :-) But there is an exploit.
There's an even more obvious and trivial DoS attack. (The problem here is of course DT_RPATH itself rather than gnulib's relocatable support. It's ameliorated somewhat if you use a linker and dynamic linker with DT_RUNPATH support, like, well, all the platforms for which gnulib uses linker-assisted relocatable support, but it still doesn't go away.) -- `Some people don't think performance issues are "real bugs", and I think such people shouldn't be allowed to program.' --- Linus Torvalds
