openjdk team mailing list archive

Thread
Date

Bug#754278: Bug#754278: openjdk-7-jdk: relative directories in RPATH

To: Jakub Wilk <jwilk@xxxxxxxxxx>, 754278@xxxxxxxxxxxxxxx
From: Matthias Klose <doko@xxxxxxxxxx>
Date: Thu, 17 Jul 2014 23:39:59 +0200
In-reply-to: <20140709120645.GA7251@jwilk.net>
Reply-to: Matthias Klose <doko@xxxxxxxxxx>, 754278@xxxxxxxxxxxxxxx
Resent-cc: OpenJDK Team <openjdk@xxxxxxxxxxxxxxxxxxx>
Resent-date: Thu, 17 Jul 2014 21:42:02 +0000
Resent-from: Matthias Klose <doko@xxxxxxxxxx>
Resent-message-id: <handler.754278.B754278.14056332111076@xxxxxxxxxxxxxxx>
Resent-sender: Debian BTS <debbugs@xxxxxxxxxxxxxxxxxxxx>
Resent-to: debian-bugs-dist@xxxxxxxxxxxxxxxx
User-agent: Mozilla/5.0 (X11; Linux x86_64; rv:24.0) Gecko/20100101 Thunderbird/24.6.0

Control: tags -1 + moreinfo

Am 09.07.2014 14:06, schrieb Jakub Wilk:
> Package: openjdk-7-jdk
> Version: 7u60-2.5.0-1
> Severity: important
> Tags: security
> 
> Binaries in /usr/lib/jvm/java-7-openjdk-i386/bin/ have their RPATH set to
> relative directories:
> bootstrap/jre/lib/i386
> bootstrap/jre/lib/i386/jli
> bootstrap/lib/i386
> 
> This means that the aforementioned tools cannot be securely used if cwd is
> world-writable (e.g. /tmp). If local malicious user planted a trojaned library
> there, the tools would happily load it.

how did you do this analysis, and how can I reproduce this?

Follow ups

Bug#754278: openjdk-7-jdk: relative directories in RPATH
From: Jakub Wilk, 2014-07-23

References

Bug#754278: openjdk-7-jdk: relative directories in RPATH
From: Jakub Wilk, 2014-07-09