The TODO section of the ReadMe mentions Rpath RW, probably taken from the output of checksec.sh.
From an ELF perspective RPATH and RUNPATH have no RW(read-write) attribute.
checksec.sh checks whether the respective directory is writable, which is not that interesting, since it is fine for /usr/lib/foo to be writable by root.
One could maybe divide R(UN)PATH into some sections:
- relative path (dangerous)
- absolute path or $ORIGIN, and the directory is "secure" (i.e. itself and all its parents are owned by root:root and not writable by others)
- absolute path or $ORIGIN, and the directory is not "secure"
The TODO section of the ReadMe mentions Rpath RW, probably taken from the output of checksec.sh.
From an ELF perspective RPATH and RUNPATH have no RW(read-write) attribute.
checksec.sh checks whether the respective directory is writable, which is not that interesting, since it is fine for /usr/lib/foo to be writable by root.
One could maybe divide R(UN)PATH into some sections: