[issue11172] Avoid '.' as runpath on AIX
Michael Haubenwallner
report at bugs.python.org
Thu Feb 10 15:03:01 CET 2011
New submission from Michael Haubenwallner <michael.haubenwallner at salomon.at>:
Spotted in issue#941346 msg#128214, the "-L$(srcdir)" should be removed from BLDSHARED on AIX:
The problem is that '-L$(srcdir)' adds '$(srcdir)' to the runpath too (as there is no '-blibpath' argument), opening a security hole for libpythonX.Y.so as well as the modules.so.
As LDLIBRARY points to the immediate file 'libpython$(VERSION).so' instead of '-lpython$(VERSION)', I don't see the need for '-L$(srcdir)' at all.
----------
components: Build
files: python-2.7.1-aix-safe-runpath.patch
keywords: patch
messages: 128293
nosy: haubi
priority: normal
severity: normal
status: open
title: Avoid '.' as runpath on AIX
type: security
versions: Python 2.7, Python 3.1, Python 3.2, Python 3.3
Added file: http://bugs.python.org/file20730/python-2.7.1-aix-safe-runpath.patch
_______________________________________
Python tracker <report at bugs.python.org>
<http://bugs.python.org/issue11172>
_______________________________________
More information about the Python-bugs-list
mailing list