[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Path Hijack vulnerability

From: Richard Purdie
Subject: Re: Path Hijack vulnerability
Date: Wed, 03 Nov 2021 19:17:07 +0000
User-agent: Evolution 3.40.4-1

On Wed, 2021-11-03 at 12:11 -0700, Paul Eggert wrote:
> On 11/3/21 07:21, Gregorio Giacobbe wrote:
> > The remediation would be to make sure that tar calls gzip by its absolute 
> > path.
> Sure, just do this when building 'tar':
> ./configure --with-gzip=/usr/bin/gzip
> This resolves the issue.
> I doubt whether we should make this configure-time option the default.

Please don't!

One of the issues we (as in the Yocto Project) run into a lot are hardcoded
paths and this would just be another one we'd have to configure out.



reply via email to

[Prev in Thread] Current Thread [Next in Thread]