New submission from Michael Haubenwallner <michael.haubenwall...@salomon.at>:
Spotted in issue#941346 msg#128214, the "-L$(srcdir)" should be removed from BLDSHARED on AIX: The problem is that '-L$(srcdir)' adds '$(srcdir)' to the runpath too (as there is no '-blibpath' argument), opening a security hole for libpythonX.Y.so as well as the modules.so. As LDLIBRARY points to the immediate file 'libpython$(VERSION).so' instead of '-lpython$(VERSION)', I don't see the need for '-L$(srcdir)' at all. ---------- components: Build files: python-2.7.1-aix-safe-runpath.patch keywords: patch messages: 128293 nosy: haubi priority: normal severity: normal status: open title: Avoid '.' as runpath on AIX type: security versions: Python 2.7, Python 3.1, Python 3.2, Python 3.3 Added file: http://bugs.python.org/file20730/python-2.7.1-aix-safe-runpath.patch _______________________________________ Python tracker <rep...@bugs.python.org> <http://bugs.python.org/issue11172> _______________________________________ _______________________________________________ Python-bugs-list mailing list Unsubscribe: http://mail.python.org/mailman/options/python-bugs-list/archive%40mail-archive.com
