From 35ead2de062e8ce8a4c33f3163576b952a446796 Mon Sep 17 00:00:00 2001
From: Michael Tremer
Date: Sat, 18 Mar 2023 12:18:59 +0000
Subject: [PATCH] file: Tidy up the RPATH checking code
Signed-off-by: Michael Tremer
---
 src/libpakfire/file.c | 32 +++++++++++++++++---------------
 1 file changed, 17 insertions(+), 15 deletions(-)
diff --git a/src/libpakfire/file.c b/src/libpakfire/file.c
index fa6fc0a7..cc5054a1 100644
--- a/src/libpakfire/file.c
+++ b/src/libpakfire/file.c
@@ -2039,24 +2039,26 @@ static int __pakfire_file_process_runpath(struct pakfire_file* file,
 // Iterate over all elements
 while (runpath) {
- DEBUG(file->pakfire, "Checking RUNPATH %s\n", runpath);
+ ERROR(file->pakfire, "Checking RUNPATH %s\n", runpath);
 // We do not allow any relative RUNPATHs
- if (pakfire_path_match(runpath, "**/../**")) {
- file->issues |= PAKFIRE_FILE_HAS_RUNPATH;
- break;
- }
-
- /*
- We allow some RUNPATHs where some software is loading some
- modules as shared objects from a private directory in /usr/lib64.
- */
- if (!pakfire_path_match(runpath, "/usr/lib64")
- && !pakfire_path_match(runpath, "/usr/lib64/**")) {
- file->issues |= PAKFIRE_FILE_HAS_RUNPATH;
- break;
- }
+ if (pakfire_path_match(runpath, "**/../**"))
+ goto RUNPATH_DENIED;
+
+ // We allow /usr/lib64 as libtool seems to link it in quite a lot
+ if (pakfire_path_match("/usr/lib64", runpath))
+ goto RUNPATH_PERMITTED;
+
+ // We allow any subdirectories of /usr/lib64
+ if (pakfire_path_match( "/usr/lib64/**", runpath))
+ goto RUNPATH_PERMITTED;
+
+RUNPATH_DENIED:
+ // If we make it here, this check has failed
+ file->issues |= PAKFIRE_FILE_HAS_RUNPATH;
+ break;
+RUNPATH_PERMITTED:
 // Move on to the next RUNPATH
 runpath = strtok_r(NULL, ":", &p);
 }
--
2.47.3
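Review bot: The three `pakfire_path_match()` calls in this loop no longer agree on argument order: the relative-path check still passes `(runpath, "**/../**")`, while the two new allow-list checks pass `("/usr/lib64", runpath)` and `("/usr/lib64/**", runpath)`. The prototype is not visible in this hunk, but unless the function is symmetric one of the two orders is wrong. If the pattern comes first, the `..` check should read `if (pakfire_path_match("**/../**", runpath))`; otherwise a RUNPATH that contains `..` below /usr/lib64 may never be denied and would be accepted by the `/usr/lib64/**` rule. The log call also changed from `DEBUG` to `ERROR`, which looks like leftover debugging and would report every checked RUNPATH as an error; `DEBUG(file->pakfire, "Checking RUNPATH %s\n", runpath);` seems intended. The body of `__pakfire_file_process_runpath` begins and ends outside the hunk.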