On Thu, Feb 03, 2022 at 04:41:21PM -0800, Vagrant Cascadian wrote: > Over the last several months, I and others have found quite a few > packages that embed build paths via rpath when building with cmake. I > found myself slowly edging into a mass bug filing, one bug report at a > time...
Hello Vagrant, does this represent a security problem? I tried to give this a look myself but didn't know what to look for; I grabbed a few recent versions of packages: http://ftp.debian.org/debian/pool/main/n/nfs-ganesha/nfs-ganesha_3.4-1_amd64.deb http://ftp.debian.org/debian/pool/main/v/vmemcache/libvmemcache0_0.8.1-4_amd64.deb http://ftp.debian.org/debian/pool/main/f/fontforge/fontforge_20201107~dfsg-4_amd64.deb $ find . -type f -exec eu-readelf -d {} \; 2>/dev/null | grep RUNPATH RUNPATH Library runpath: [/usr/lib/ganesha] RUNPATH Library runpath: [/usr/lib/ganesha] RUNPATH Library runpath: [/usr/lib/ganesha] RUNPATH Library runpath: [/usr/lib/ganesha] Am I on the wrong track? Thanks
signature.asc
Description: PGP signature
