FS#14002 - [ntop] insecure RATHs
Attached to Project:
Arch Linux
Opened by Allan McRae (Allan) - Sunday, 29 March 2009, 03:57 GMT
Last edited by Tobias Powalowski (tpowa) - Tuesday, 09 June 2009, 18:03 GMT
Opened by Allan McRae (Allan) - Sunday, 29 March 2009, 03:57 GMT
Last edited by Tobias Powalowski (tpowa) - Tuesday, 09 June 2009, 18:03 GMT
|
Details
Description:
A bunch of files in the ntop package have reference to their build directory in the RPATH. e.g readelf -d /usr/lib/ntop/plugins/cpacketPlugin.so | grep RPATH Files affected: /usr/lib/ntop/plugins/cpacketPlugin.so /usr/lib/ntop/plugins/icmpPlugin.so /usr/lib/ntop/plugins/lastSeenPlugin.so /usr/lib/ntop/plugins/netflowPlugin.so /usr/lib/ntop/plugins/pdaPlugin.so /usr/lib/ntop/plugins/remotePlugin.so /usr/lib/ntop/plugins/rrdPlugin.so /usr/lib/ntop/plugins/sflowPlugin.so |
This task depends upon
Well, after many hours of "fight" with this buildsystem, I decided to do a trivial change: These plugins are the same libs that are intalled under /usr/lib/, but because the build system just copy with "cp" these libs from source dir, to destination dir, without doing a libtool --mode=install, the rpath isn't updated. Then in PKGBUILD simply do a symlink to the correct libs that are installed, in plugins dir with correct names, so insecure rpath is fixed :) ( removing rpath /usr/local/lib from files seems to be complicated in this case, there are many hardcoded paths in this build system, :( )
Also, I fixed to be more FHS friend, the /var/ntop moving to /var/lib/ntop , I don't use this program. Maybe should advise to the users that have files under old location to move to the new location or move in .install, if these files are important.