AdobeReader_sve providing libstdc++.so.6 - malicious?

[Michael Schwendt]

On Thu, 27 May 2010 22:01:09 +0100, Jonathan wrote:

> Hi,
> 
> I just noticed that if I enable the adobe repository, the AdobeReader
> quickly gets pulled in when installing the flash plugin on a 64 bit
> machine, since it seems to be providing libstdc++.so.6. This just
> seems a little bit suspect to me.
> 
> Eg. if I run
> 
> yum -v install nspluginwrapper.x86_64 nspluginwrapper.i686
> alsa-plugins-pulseaudio.i686 libcurl.i686
> 
> and then look at the output, I see
> 
> --> Processing Dependency: libstdc++.so.6(CXXABI_1.3) for package:
> 1:cups-libs-1.4.3-6.fc13.i686
> Searching pkgSack for dep: libstdc++.so.6(CXXABI_1.3)
> TSINFO: Marking AdobeReader_sve-8.1.7-1.i486 as install for
> 1:cups-libs-1.4.3-6.fc13.i686
> 
> 
> It seems a little like Adobe is trying to install Reader via a
> backdoor dependency?

It's a packaging mistake in a package that hasn't seen much testing.
If they include local copies of libs like libstdc++, they ought to
filter the RPM Provides. They also provide several other libs, not
limited to libgcc_s.so.1

$ repoquery --provides AdobeReader_sve|grep ^lib|wc -l
59

$ repoquery --whatprovides 'libstdc++.so.6(CXXABI_1.3)'
AdobeReader_nor-0:8.1.7-1.i486
AdobeReader_ita-0:8.1.7-1.i486
AdobeReader_suo-0:8.1.7-1.i486
AdobeReader_kor-0:8.1.7-1.i486
AdobeReader_sve-0:8.1.7-1.i486
libstdc++-0:4.4.4-2.fc13.i686
AdobeReader_dan-0:8.1.7-1.i486
AdobeReader_ptb-0:8.1.7-1.i486
AdobeReader_chs-0:8.1.7-1.i486
AdobeReader_esp-0:8.1.7-1.i486
AdobeReader_nld-0:8.1.7-1.i486
AdobeReader_cht-0:8.1.7-1.i486