Hi, Martin Carpenter wrote:
>> 8.7 RUNPATH and RPATH >> >> Libraries and executables should not define RPATH or RUNPATH unless >> absolutely necessary. This part seems vague to me --- if a project relies on RUNPATH but could be modified to avoid relying on it, is today's use of RUNPATH absolutely necessary? It's hard enough to act on this recommendation that I don't think it belongs in policy yet. >> Those that do should ensure that relative paths or paths that traverse >> insecure directories (eg /tmp or /var/tmp) are not included. This >> is to prevent an executable from loading a library from an untrusted >> location. This part looks good. >> (This should include the corner cases whereby the path list >> starts or ends with a colon, or includes two consecutive colons). Nit: s/This should include/This include/ Thanks and hope that helps, Jonathan -- To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
