[Bug libstdc++/5291] Bad reference to build directory in libstdc++.la
bfriesen at simple dot dallas dot tx dot us
gcc-bugzilla@gcc.gnu.org
Thu Feb 22 15:59:00 GMT 2007
------- Comment #19 from bfriesen at simple dot dallas dot tx dot us 2007-02-22 15:58 -------
(In reply to comment #8)
> Note that, on PA, the linker does indeed annotate an executable with the
> location in which it found the library, but that's just a cache, it doesn't
> require the library to be there in order to function. Libtool knows about that,
> and does the right thing when linking with a libtool library, but libgcc_s isn't
> a libtool library, so libtool can't do much.
It seems to me that on systems which encode the default library search path,
this behavior becomes a security weakness associated with the installed
library. If the GCC build directory is not secure in that it can't be
re-created by another party, then applications searching for libraries in the
build tree become subject to trojan horse type attacks. This is particularly
the case when GCC is built under /tmp (as some people do) since once the tree
has been removed, any other user on the system may create the necessary paths.
--
http://gcc.gnu.org/bugzilla/show_bug.cgi?id=5291
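
An audit for the weakness described in comment #19, as an added example that is not part of the original comment and is not GCC or libtool code. It goes beyond the PA case in the thread and assumes an ELF system where `readelf -d` prints the RPATH/RUNPATH entries; the function names, the sample output and the /tmp/gcc-build path are constructed for illustration. Only the nearest existing directory is checked, not every ancestor.

```python
import os
import re
import stat

# Assumed input: text printed by `readelf -d <file>` on an ELF system.
RUNPATH_RE = re.compile(r"\((?:RPATH|RUNPATH)\)\s+Library r(?:un)?path: \[(.*)\]")

# Constructed sample; /tmp/gcc-build is a made-up build directory.
SAMPLE = """\
 0x0000000000000001 (NEEDED)             Shared library: [libgcc_s.so.1]
 0x000000000000000f (RPATH)              Library rpath: [/tmp/gcc-build/gcc:/usr/local/lib]
"""


def embedded_dirs(readelf_output):
    """Return every directory named in an RPATH or RUNPATH entry."""
    dirs = []
    for line in readelf_output.splitlines():
        match = RUNPATH_RE.search(line)
        if match:
            dirs.extend(d for d in match.group(1).split(":") if d)
    return dirs


def audit_dir(path, trusted_uids=(0,)):
    """Classify one search directory by who controls what is found there."""
    if path.startswith("$"):
        return "token"  # $ORIGIN and similar: depends on install location
    if not os.path.isabs(path):
        return "relative"  # resolved against the caller's working directory
    path = os.path.normpath(path)
    missing = False
    while not os.path.isdir(path):  # climb to the nearest existing directory
        missing = True
        path = os.path.dirname(path)
    st = os.stat(path)
    untrusted = st.st_uid not in trusted_uids or bool(st.st_mode & stat.S_IWOTH)
    if missing:
        # The sticky bit on /tmp does not stop anyone creating new entries.
        return "missing-creatable" if untrusted else "missing"
    return "writable" if untrusted else "ok"


if __name__ == "__main__":
    for d in embedded_dirs(SAMPLE):
        print(f"{audit_dir(d):18} {d}")
```

A result of "missing-creatable" is the case the comment warns about: the build tree is gone and its parent lets another user re-create the path.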