New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
fatal error: QrCode.hpp: No such file or directory #3142
Comments
|
We switched to cmake build system, please see README. |
|
@selsta thanks, I've updated my build to run I think there's an issue with the new build system though, the binary got flagged in our build with: There's indeed a static RPATH in the binary: The empty string at the end is equivalent to We can confirm this with ldd: Luckily this is fairly uncommonly exploited, but could be used for local privilege escalation (similar to dll hijacking on windows) if the current directory is world writable, like I've hacked together a working poc, although I'm not sure it's the most elegant solution. The library I use doesn't matter, the constructor is executed by the dynamic linker during early initialization before the actual main: I assumed I followed the build instructions incorrectly, but the same issue exists in the official binary: |
|
This has been assigned CVE-2020-26947. |
|
You should have followed Monero Vulnerability Response Process (https://github.com/monero-project/monero-gui/#vulnerability-response) instead of submitting quite unnecessary CVE (at least at this point). I find your behavior quite unprofessional. In case you don't know what responsible disclosure is, see https://en.wikipedia.org/wiki/Responsible_disclosure |
|
Sorry, I didn't know there's a bugbounty (obviously, since I passed on a bounty with this report). The severity of this issue is quite low, so I don't think doing all the extra work of coordinated disclosure is reasonable, this is all unpaid volunteer work after all. |
|
#3150 should resolve this issue. Thanks for reporting, next time please notify in private to give us time to resolve the issue before submitting a CVE for such a low severity issue. |
|
Thanks! I've uploaded 0.17.0.1 with the patch applied, just in time for the hard fork. :) |
My build of the latest release failed with an error related to QrCode.hpp:
In the code base I found a reference to
src/QR-Code-generator/QrCode.hppbut that file doesn't exist in the repository.The text was updated successfully, but these errors were encountered: