bug-gnulib

Re: first draft of "relocatable" module


From: Ben Pfaff
Subject: Re: first draft of "relocatable" module
Date: Mon, 05 Mar 2007 11:38:08 -0800
User-agent: Gnus/5.110006 (No Gnus v0.6) Emacs/21.4 (gnu/linux)

Ralf Wildenhues <address@hidden> writes:

> * Ben Pfaff wrote on Sun, Mar 04, 2007 at 09:29:53PM CET:
>> Bruno Haible <address@hidden> writes:
>>
>> > If we recommend to use
>> >
>> >     ./configure --enable-relocatable --prefix=/etc
>> >     make
>> >     make install DESTDIR=/tmp/inst$$
>> >
>> > then there should not be a security problem any more, right?
>>
>> I tend to just use --prefix=$HOME/inst$$.
>
> FWIW, I like that better, too.  Or use some other path that only root
> can write to, like /opt or /nonexistent.

Here's some suggested wording then:

--- relocatable.texi.~1.3.~     2007-03-03 12:23:49.000000000 -0800
+++ relocatable.texi    2007-03-05 11:37:31.000000000 -0800
@@ -24,12 +24,16 @@ To configure a program to be relocatable
 @option{--enable-relocatable} to the @program{configure} command line.
 For reliability, it is best to also give a @option{--prefix} option
 pointing to an otherwise unused (and never used again) directory,
-e.g.@: @option{--prefix=/tmp/inst$$}.  This is recommended because on
+e.g.@: @option{--prefix=$HOME/inst$$} or
address@hidden/nonexistent}.  This is recommended because on
 some OSes the executables remember the location of shared libraries
 and prefer them over any other search path.  Therefore, such an
 executable will look for its shared libraries first in the original
 installation directory and only then in the current installation
-directory.
+directory.  Locations writable by unprivileged users, such as
address@hidden/tmp/inst$$}, are not recommended because such users can
+re-create a directory with the same name after the original directory
+has been removed.
 
 Installation with @option{--enable-relocatable} will not work for
 setuid or setgid executables, because such executables search only
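Review bot: the sentence added at the end of the paragraph ("Locations writable by unprivileged users ... are not recommended") is at odds with the first example added earlier in the same hunk, because a prefix under $HOME is itself writable by an unprivileged user, namely the one running the build. Suggest narrowing it to locations writable by other users, for example "Locations that other users can write to, such as world-writable directories like /tmp, are not recommended". The sentence also stops at "re-create a directory with the same name" without saying why that matters; tying it back to the preceding text would help, since that text already explains that the executable looks for its shared libraries first in the original installation directory, so whoever re-creates that directory controls which libraries get loaded. It may also be worth stating the positive rule from the thread (a path only root or the installing user can write to) rather than only the negative one.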

-- 
"...dans ce pays-ci il est bon de tuer de temps en temps un amiral
 pour encourager les autres."
--Voltaire, _Candide_



