[New-bugs-announce] [issue11172] Avoid '.' as runpath on AIX

Michael Haubenwallner report at bugs.python.org
Thu Feb 10 15:03:01 CET 2011

New submission from Michael Haubenwallner <michael.haubenwallner at salomon.at>:

Spotted in issue#941346 msg#128214, the "-L$(srcdir)" should be removed from BLDSHARED on AIX:

The problem is that '-L$(srcdir)' adds '$(srcdir)' to the runpath too (as there is no '-blibpath' argument), opening a security hole for libpythonX.Y.so as well as the modules.so.

As LDLIBRARY points to the immediate file 'libpython$(VERSION).so' instead of '-lpython$(VERSION)', I don't see the need for '-L$(srcdir)' at all.

components: Build
files: python-2.7.1-aix-safe-runpath.patch
keywords: patch
messages: 128293
nosy: haubi
priority: normal
severity: normal
status: open
title: Avoid '.' as runpath on AIX
type: security
versions: Python 2.7, Python 3.1, Python 3.2, Python 3.3
Added file: http://bugs.python.org/file20730/python-2.7.1-aix-safe-runpath.patch

Python tracker <report at bugs.python.org>

More information about the New-bugs-announce mailing list