libversion: Fix unsafe concatenation of $LD_LIBRARY_PATH

Naive concatenation of $LD_LIBRARY_PATH can result in an empty
colon-delimited segment; this tells glibc to load libraries from the
current directory, which is definitely wrong, and may be a security
vulnerability if the current directory is untrusted.  This particular
case probably has no security relevance, but we should avoid this
unsafe pattern anyway in case it gets copied.  See #76804.

Signed-off-by: Anders Kaseorg <andersk@mit.edu>
Anders Kaseorg 2020-05-31 01:40:07 -07:00
parent 135073a87b
commit 665dfc26ed

@ -14,7 +14,7 @@ stdenv.mkDerivation rec {
nativeBuildInputs = [ cmake ]; nativeBuildInputs = [ cmake ];
preCheck = '' preCheck = ''
export LD_LIBRARY_PATH=/build/source/build/libversion/:$LD_LIBRARY_PATH export LD_LIBRARY_PATH=/build/source/build/libversion/''${LD_LIBRARY_PATH:+:}$LD_LIBRARY_PATH
''; '';
doCheck = true; doCheck = true;
checkTarget = "test"; checkTarget = "test";
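
Review bot: on the new export line in preCheck, the separator and the value are still two separate expansions (`''${LD_LIBRARY_PATH:+:}$LD_LIBRARY_PATH`), so the trailing bare `$LD_LIBRARY_PATH` is expanded even when the variable is unset. Folding both into one expansion, `''${LD_LIBRARY_PATH:+:$LD_LIBRARY_PATH}`, produces the same result, keeps the "append only if non-empty" intent in a single place, and stays valid if the script ever runs under `set -u`. Since the commit message says the goal is to keep this pattern from being copied in its unsafe form, a short comment above the export explaining that an empty segment makes glibc search the current directory would help whoever copies it next. Separately, the prepended entry is the absolute path /build/source/build/libversion/, which only resolves when the build happens under /build/source; deriving it from the working directory at preCheck time would remove that assumption.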