diff mbox series

[meta-oe,scarthgap] protobuf: Remove embedded runpath

Message ID 20250923062715.2563476-1-nitin.wankhade333@gmail.com
State New
Headers show
Series [meta-oe,scarthgap] protobuf: Remove embedded runpath | expand

Commit Message

Nitin Wankhade Sept. 23, 2025, 6:27 a.m. UTC 
From: Sana Kazi <Sana.Kazi@bmwtechworks.in>

Remove the runpath embedded in libprotobuf.so.25.8.0 by setting
DCMAKE_SKIP_INSTALL_RPATH=ON. The embedded runpath can easily
enable an attacker to get malicious code executed if there is
some issue with the file permissions at the specified location.

Signed-off-by: Sana Kazi <Sana.Kazi@bmwtechworks.in>
---
 meta-oe/recipes-devtools/protobuf/protobuf_4.25.8.bb | 1 +
 1 file changed, 1 insertion(+)

Comments

Nikhil R Nov. 4, 2025, 6:17 a.m. UTC | #1 
Hi Anuj,

Could you please consider this patch for integration into Scarthgap?
Please let me know if you have any feedback.
Gyorgy Sarvari Nov. 4, 2025, 8:10 a.m. UTC | #2 
On 11/4/25 07:17, Nikhil R via lists.openembedded.org wrote:
> Hi Anuj,
>  
> Could you please consider this patch for integration into Scarthgap?
> Please let me know if you have any feedback.
>

It looks that this isn't in master branch. If it is applicable to
master, it should go there first. If it isn't, could you please include
some note about this in the commit message?
diff mbox series

Patch

diff --git a/meta-oe/recipes-devtools/protobuf/protobuf_4.25.8.bb b/meta-oe/recipes-devtools/protobuf/protobuf_4.25.8.bb
index e54dffd2cd..51f9b8c255 100644
--- a/meta-oe/recipes-devtools/protobuf/protobuf_4.25.8.bb
+++ b/meta-oe/recipes-devtools/protobuf/protobuf_4.25.8.bb
@@ -37,6 +37,7 @@  EXTRA_OECMAKE += "\
     -Dprotobuf_BUILD_TESTS=OFF \
     -Dprotobuf_BUILD_EXAMPLES=OFF \
     -Dprotobuf_ABSL_PROVIDER="package" \
+    -DCMAKE_SKIP_INSTALL_RPATH=ON \
 "
 
 TEST_SRC_DIR = "examples"