author | Eric S. Raymond <esr@thyrsus.com> | 2012-05-14 19:08:22 -0400 |
---|---|---|
committer | Eric S. Raymond <esr@thyrsus.com> | 2012-05-14 19:08:22 -0400 |
commit | 3977013e9d2874d6fb25cd1fa9174c5b948d4655 (patch) | |
tree | 87b642a88f283c00ca11b76da62f255e8b509bc6 /packaging/readme.txt | |
parent | 9e12211c176dd7c2a3eb5cacff7e511dd0232e66 (diff) | |
download | gpsd-3977013e9d2874d6fb25cd1fa9174c5b948d4655.tar.gz |
Now possible to more easily suppress use of chrpath.
Diffstat (limited to 'packaging/readme.txt')
-rw-r--r-- | packaging/readme.txt | 21 |
1 files changed, 0 insertions, 21 deletions
diff --git a/packaging/readme.txt b/packaging/readme.txt index ca3eb9fe..62d57500 100644 --- a/packaging/readme.txt +++ b/packaging/readme.txt @@ -14,24 +14,3 @@ socket from a userland device manager. Accordingly, you probably want to set up a gpsd privilege group and make sure the Bluetooth device manager is in it. -== The chrpath perplex == - -Some distribution makers have considered the use of chrpath to be a -wart on the build recipe. - -Here's the problem. I want to build build binaries that (a) link -dynamically, (b) can be tested in the build directory without -installing to system space (in particular, so I can run the regression -tests without disturbing a production installation) and (c) -won't carry a potential exploit into system space when the binaries -are installed. - -The potential exploit is the remnant presence of the build directory in -the binary's internal list of places it will look for shared libraries. -We need that to be there for testing purposes, but we want it gone -in the version of the binary that's copied to /usr/lib. Otherwise -there are threat scenarios with a maliciously crafted library. - -Without chrpath I can get any two of those three, but I can't get -all three. If I choose static linking I get (b) and (c), if I choose -dynamic linking without chrpath I get (a) and (b). |
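Review bot: The deleted "== The chrpath perplex ==" section (all 21 removed lines, following the Bluetooth privilege-group paragraph) was the rationale for keeping the build directory out of an installed binary's shared-library search list, and the hunk puts nothing in its place. The commit message says chrpath use can now be suppressed more easily, so a packager who suppresses it no longer finds here the warning that dynamic linking without chrpath gives (a) and (b) but not (c). The diffstat shown is limited to packaging/readme.txt, so it is not visible whether the text moved to another file. If it did, leave a one-line pointer to it here. If not, keep a short note saying that a build without chrpath leaves the build directory in the binary's library search list, and that "we want it gone in the version of the binary that's copied to /usr/lib".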