[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: first draft of "relocatable" module
From: |
Ben Pfaff |
Subject: |
Re: first draft of "relocatable" module |
Date: |
Mon, 05 Mar 2007 11:38:08 -0800 |
User-agent: |
Gnus/5.110006 (No Gnus v0.6) Emacs/21.4 (gnu/linux) |
Ralf Wildenhues <address@hidden> writes:
> * Ben Pfaff wrote on Sun, Mar 04, 2007 at 09:29:53PM CET:
>> Bruno Haible <address@hidden> writes:
>>
>> > If we recommend to use
>> >
>> > ./configure --enable-relocatable --prefix=/etc
>> > make
>> > make install DESTDIR=/tmp/inst$$
>> >
>> > then there should not be a security problem any more, right?
>>
>> I tend to just use --prefix=$HOME/inst$$.
>
> FWIW, I like that better, too. Or use some other path that only root
> can write to, like /opt or /nonexistent.
Here's some suggested wording then:
--- relocatable.texi.~1.3.~ 2007-03-03 12:23:49.000000000 -0800
+++ relocatable.texi 2007-03-05 11:37:31.000000000 -0800
@@ -24,12 +24,16 @@ To configure a program to be relocatable
@option{--enable-relocatable} to the @program{configure} command line.
For reliability, it is best to also give a @option{--prefix} option
pointing to an otherwise unused (and never used again) directory,
-e.g.@: @option{--prefix=/tmp/inst$$}. This is recommended because on
+e.g.@: @option{--prefix=$HOME/inst$$} or
address@hidden/nonexistent}. This is recommended because on
some OSes the executables remember the location of shared libraries
and prefer them over any other search path. Therefore, such an
executable will look for its shared libraries first in the original
installation directory and only then in the current installation
-directory.
+directory. Locations writable by unprivileged users, such as
address@hidden/tmp/inst$$}, are not recommended because such users can
+re-create a directory with the same name after the original directory
+has been removed.
Installation with @option{--enable-relocatable} will not work for
setuid or setgid executables, because such executables search only
--
"...dans ce pays-ci il est bon de tuer de temps en temps un amiral
pour encourager les autres."
--Voltaire, _Candide_
- Re: first draft of "relocatable" module, Ben Pfaff, 2007/03/01
- Re: first draft of "relocatable" module, Bruno Haible, 2007/03/01
- Re: first draft of "relocatable" module, Ben Pfaff, 2007/03/02
- Re: first draft of "relocatable" module, Ralf Wildenhues, 2007/03/02
- Re: first draft of "relocatable" module, Bruno Haible, 2007/03/04
- Re: first draft of "relocatable" module, Ben Pfaff, 2007/03/04
- Re: first draft of "relocatable" module, Ralf Wildenhues, 2007/03/05
- Re: first draft of "relocatable" module,
Ben Pfaff <=
- Re: first draft of "relocatable" module, Ben Pfaff, 2007/03/05
- Re: first draft of "relocatable" module, Ben Pfaff, 2007/03/18
- Re: first draft of "relocatable" module, Daniel Jacobowitz, 2007/03/05
Re: first draft of "relocatable" module, Matthew Woehlke, 2007/03/02
Re: first draft of "relocatable" module, Bruno Haible, 2007/03/01
Re: first draft of "relocatable" module, Bruno Haible, 2007/03/01
Re: first draft of "relocatable" module, Bruno Haible, 2007/03/01
Re: first draft of "relocatable" module, Bruno Haible, 2007/03/01