This is the mail archive of the libc-alpha@sourceware.org mailing list for the glibc project.

Index Nav:	[Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav:	[Date Prev] [Date Next]	[Thread Prev] [Thread Next]
Other format:	[Raw text]

Re: [PATCH] Never leave $ORIGIN unexpanded

From: "Dmitry V. Levin" <ldv at altlinux dot org>
To: libc-alpha at sourceware dot org
Date: Wed, 30 Dec 2015 02:55:26 +0300
Subject: Re: [PATCH] Never leave $ORIGIN unexpanded
Authentication-results: sourceware.org; auth=none
References: <20151229174253 dot GC26641 at altlinux dot org> <20151229223108 dot GG25803 at vapier dot lan>

On Tue, Dec 29, 2015 at 05:31:08PM -0500, Mike Frysinger wrote:
> On 29 Dec 2015 20:42, Dmitry V. Levin wrote:
> >  This change started its life as commit 207e77fd3f0a94acdf0557608dd4f10ce0e0f22f,
> >  it's in wide use, it was rebased and reviewed several times.
> 
> where ?

It's in Fedora since glibc-2.13.90-12 (13.05.2011).
I reviewed it twice at least.

> links to discussions would be helpful,

It's a follow-up to the series of commits made to fix
https://sourceware.org/bugzilla/show_bug.cgi?id=12393

I have no idea why it remained in fedora branch and hasn't been merged
to master.

> as would a more verbose explanation.

The idea is, as the subject says, never to leave $ORIGIN unexpanded:
if a privileged executable's rpath element contains $ORIGIN in a position
that is not allowed for expansion in privileged executables, this rpath
element shouldn't be left as is, it should be discarded.

-- 
ldv

Attachment: pgpdGyAyvcoUf.pgp
Description: PGP signature

References:
- [PATCH] Never leave $ORIGIN unexpanded
  - From: Dmitry V. Levin
- Re: [PATCH] Never leave $ORIGIN unexpanded
  - From: Mike Frysinger

Index Nav:	[Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav:	[Date Prev] [Date Next]	[Thread Prev] [Thread Next]