tech-toolchain archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
Re: RT linker, rpath and security
On Thu, May 11, 2023 at 04:07:13PM +0200, tlaronde%polynum.com@localhost wrote:
> As easy as using ldd(1)? Which won't tell you the true story. Only
> "readelf -d" will tell you. I would be very surprised if it was common
> practice. If it was, it would be mentionned in security(7) I guess?
You lost me here. It is quite easy to do if you really care, but not
exactly needed (IMHO) if you only use binaries from base and pkgsrc
(or compile them yourself and trust yourself enough).
> BTW, "/etc/security" should be changed: it verifies that there is no
> directory writable by others in root PATH...
I wouldn't mind it being enhanced (maybe optional) like Greg did suggest
and check all RPATH of all binaries "statically" and complaining loud
in the daily report if it finds relative or writable paths.
Martin
Home |
Main Index |
Thread Index |
Old Index