bug-libtool
[Top][All Lists]
Advanced

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Security patch for gettext-0.11.5/ltmain.sh


From: Bruno Haible
Subject: Re: Security patch for gettext-0.11.5/ltmain.sh
Date: Tue, 17 Sep 2002 15:34:29 +0200 (CEST)

Andrew V. Samoilov writes:

> libtool now creates worldwritable .libs, and it is not too wise as for me.

Without .libs being writable, the following fails (in packages which,
like gettext, build two shared libraries, one depending on the other):

   $ ./configure
   $ make
   $ su -p bin
   bin$ make install

thus
  1. it violates the GNU standards,
  2. it forces the user to install many packages as 'root', not 'bin',
     which leads to a much bigger security problem: that everyone who
     wants write access to /usr/local needs to know the root password.

That's the reason why I added this "chmod 777 .libs" to gettext's copy
of ltmain.sh.

Bruno




reply via email to

[Prev in Thread] Current Thread [Next in Thread]