> On 3 Apr 2024, at 09:13, Alvaro Herrera <alvherre@alvh.no-ip.org> wrote:
>
> On 2024-Apr-02, David E. Wheeler wrote:
>
>> That quotation comes from this Debian patch[2] maintained by Christoph
>> Berg. I’d like to formally propose integrating this patch into the
>> core. And not only because it’s overhead for package maintainers like
>> Christoph, but because a number of use cases have emerged since we
>> originally discussed something like this back in 2013[3]:
>
> I support the idea of there being a second location from where to load
> shared libraries
Agreed, the case made upthread that installing an extension breaks the app
signing seems like a compelling reason to do this.
The implementation of this need to make sure the directory is properly set up
however to avoid similar problems that CVE 2019-10211 showed.
--
Daniel Gustafsson