agl / jbig2enc

JBIG2 Encoder

Insecure RPATH #42

Open orbisvicis opened 11 years ago

orbisvicis commented 11 years ago

RPATH is automatically set by libtool to:

jbig2enc/src/.libs

On most builds, is such that any user can create RPATH, into which malicious libraries can be placed. RPATH isn't necessary if the resulting library will be placed in the dynamic loader's (ld.so) system paths (the case with --prefix="/usr" or --prefix="/usr/local").

I suggest adding a --disable-rpath configure option, so that user-prefix installations can still work (as well as other OSs) rather than simply disabling RPATH. I also don't know how to do this.

jsonn commented 9 years ago

This is wrong. The only reason why you should end up with an rpath of .../.libs is if you forgot to run libtool --mode=install.
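
One way to check an installed library for the condition discussed in this thread, as an added example that is not code from the jbig2enc project or from either commenter: it parses `readelf -d` output and flags RPATH/RUNPATH directories that are relative, world-writable, or missing beneath a world-writable ancestor. The sample output, the `/tmp/build` build directory and the function names are constructed for illustration.

```python
import os
import re
import stat

# Constructed sample of `readelf -d` output; /tmp/build stands in for the build directory.
SAMPLE = """\
 0x000000000000000f (RPATH)              Library rpath: [/tmp/build/jbig2enc/src/.libs:/usr/lib]
"""

_RPATH_RE = re.compile(r"\((?:RPATH|RUNPATH)\)\s+Library r(?:un)?path: \[(.*?)\]")


def audit_entry(entry, stat_fn=os.stat):
    """Return a reason if `entry` is an unsafe library search directory, else None."""
    if entry.startswith(("$ORIGIN", "${ORIGIN}")):
        return None  # depends on where the binary is installed; not judged here
    if not os.path.isabs(entry):
        return "not an absolute path"
    path, sticky_helps = os.path.normpath(entry), False
    while True:
        try:
            mode = stat_fn(path).st_mode
        except OSError:
            sticky_helps = False  # missing: whoever can write the parent can create it
        else:
            # Only world-writable bits are checked; ownership and group write are not.
            if mode & stat.S_IWOTH and not (sticky_helps and mode & stat.S_ISVTX):
                return f"{path} is world-writable"
            sticky_helps = True  # an existing child is shielded by a sticky parent
        parent = os.path.dirname(path)
        if parent == path:
            return None
        path = parent


def audit(readelf_output, stat_fn=os.stat):
    """Return (entry, reason) for every unsafe RPATH/RUNPATH directory."""
    findings = []
    for match in _RPATH_RE.finditer(readelf_output):
        for entry in match.group(1).split(":"):
            reason = audit_entry(entry, stat_fn)
            if reason:
                findings.append((entry, reason))
    return findings


if __name__ == "__main__":
    for entry, reason in audit(SAMPLE):
        print(f"{entry}: {reason}")
```

The `stat_fn` parameter exists so the check can be exercised against a fake directory tree; in normal use, pass the real output of `readelf -d` on the installed library to `audit`.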