Hi Chistoph,

2009/11/10 Christoph Wickert <christoph.wickert@googlemail.com>

Am Sonntag, den 08.11.2009, 23:20 +0800 schrieb PCMan:

> For distro packagers, this bug should be marked as security issue and
> immediately upgrading to the latest version of menu-cache is highly recommended.

Can you elaborate this a little? I read the comment in configure about
adding rpaths for security reasons. IMO adding rpaths does not increase
security, in fact there are also insecure rpaths (fortunately not in
menu-cache-gen) that may make things worse. This is one of the reasons
why rpaths are strictly forbidden in Fedora [1]. Because of that, I
could not yet update the package.

So was the rpath in menu-cache-gen added on purpose and is this the
problem you were talking about?


Any references?

menu-cache-gen doesn't use rpath for loading DSOs.

Jürgen