Re: Security patch for gettext-0.11.5/ltmain.sh

bug-libtool

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Security patch for gettext-0.11.5/ltmain.sh

From:	Bruno Haible
Subject:	Re: Security patch for gettext-0.11.5/ltmain.sh
Date:	Tue, 17 Sep 2002 15:34:29 +0200 (CEST)

Andrew V. Samoilov writes:

> libtool now creates worldwritable .libs, and it is not too wise as for me.

Without .libs being writable, the following fails (in packages which,
like gettext, build two shared libraries, one depending on the other):

   $ ./configure
   $ make
   $ su -p bin
   bin$ make install

thus
  1. it violates the GNU standards,
  2. it forces the user to install many packages as 'root', not 'bin',
     which leads to a much bigger security problem: that everyone who
     wants write access to /usr/local needs to know the root password.

That's the reason why I added this "chmod 777 .libs" to gettext's copy
of ltmain.sh.

Bruno

[Prev in Thread]

Current Thread

[Next in Thread]

Re: Security patch for gettext-0.11.5/ltmain.sh, Bruno Haible <=
- Re: Security patch for gettext-0.11.5/ltmain.sh, Andrew V. Samoilov, 2002/09/17
  - Re: Security patch for gettext-0.11.5/ltmain.sh, Bruno Haible, 2002/09/18
    - Re: Security patch for gettext-0.11.5/ltmain.sh, Paul Eggert, 2002/09/18
    - Re: Security patch for gettext-0.11.5/ltmain.sh, Bruno Haible, 2002/09/19

Prev by Date: Re: gettext-0.11.5: build failures on Sun Solaris 2.7 and 2.8
Next by Date: Re: Security patch for gettext-0.11.5/ltmain.sh
Previous by thread: Re: gettext-0.11.5: build failures on Sun Solaris 2.7 and 2.8
Next by thread: Re: Security patch for gettext-0.11.5/ltmain.sh
Index(es):
- Date
- Thread