Bug#495785: attal has rpath to insecure location (.:/usr/lib/attal)
ballombe at debian.org
Wed Aug 20 12:21:34 UTC 2008
Hello Debian Games Team,
attal includes a binary /usr/games/attal-theme-editor with a rpath
pointing to .:/usr/lib/attal.
This allows an attacker with write access to the current working directory
where attal is launched to add modified libraries which will be loaded
when someone else run attal.
Bill. <ballombe at debian.org>
Imagine a large red swirl here.
More information about the Pkg-games-devel