Github messages for voidlinux
 help / color / mirror / Atom feed
* [ISSUE] [RFC] lint for invalid/insecure rpath in binaries and libraries
@ 2021-08-30 23:11 tornaria
  2021-08-30 23:17 ` ericonr
                   ` (2 more replies)
  0 siblings, 3 replies; 4+ messages in thread
From: tornaria @ 2021-08-30 23:11 UTC (permalink / raw)
  To: ml

[-- Attachment #1: Type: text/plain, Size: 2019 bytes --]

New issue by tornaria on void-packages repository

I'm compling a library that will "leak" the install directories in rpaths. I mean `/destdir/*`.

I catched it just by chance, so I wonder if it would make sense to check for that and warn/error for bad rpaths like those.

Here's a quick hack. I put this in `common/hooks/post-install/`. I'm not sure it belongs there or in `pre-pkg`, but seems to work ok there.

# check rpath
# see:

hook() {
        find ${PKGDESTDIR} -type f | while read f; do
        read -n4 elfmagic < "$f"
        if [ "$elfmagic" = $'\177ELF' ]; then
                        for rpath in $($OBJDUMP -p "$f"|awk '/RPATH/{print $2}'); do
                                case $rpath in
                                                msg_warn "invalid RPATH=$rpath in $lf\n"
                                                msg_normal "RPATH=$rpath in $lf\n"

Have a look at for a stricter approach, namely:
 - allow only rpaths not starting with /lib, /usr/lib,  $ORIGIN, etc.
 - for those, check that the actual path exists in the package.
 - everything else: warn (could be error, maybe with some way to skip)

Maybe some explanation in the manual would also be helpful, and a suggestion on how to fix it if it can't be disabled in configure/make. What I did was add `chrpath` to `hostmakedepends`, and run `chrpath -d FILES` from `post_install()`.

^ permalink raw reply	[flat|nested] 4+ messages in thread

end of thread, other threads:[~2022-06-18  2:12 UTC | newest]

Thread overview: 4+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2021-08-30 23:11 [ISSUE] [RFC] lint for invalid/insecure rpath in binaries and libraries tornaria
2021-08-30 23:17 ` ericonr
2022-06-04  2:09 ` github-actions
2022-06-18  2:12 ` [ISSUE] [CLOSED] " github-actions

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).