[oe] HEADS UP: insane.bbclass will now detect and stop the build on wrong RPATHs.
Graeme Gregory
dp at xora.org.uk
Thu Apr 26 22:06:57 UTC 2007
> A "huge gaping security hole" that requires you to download a
> malicious ipk with malicious libraries which figures out what your
> build path was, then installs those libraries there.
>
> Or you could just download a malicious ipk which overwrites the actual
> libraries.
>
> I don't see what's hude or gaping about this.
>
Maybe you should rethink that before getting all sarcastic.
/home/XXX/ hmmm, thats publically writable to users.
And why do malicious libraries need to come in ipk files.
Graeme
More information about the Openembedded-devel
mailing list