Bug#598421: salome: CVE-2010-3377: insecure library loading
Raphael Geissert
geissert at debian.org
Thu Sep 30 04:24:26 UTC 2010
On 29 September 2010 22:01, Adam C Powell IV <hazelsct at debian.org> wrote:
> On Tue, 2010-09-28 at 21:07 +0000, Raphael Geissert wrote:
> Would a secure change omit the former LD_LIBRARY_PATH? That is, would
> it fix this in runSalome to say:
>
> export LD_LIBRARY_PATH=${prefix}/lib:${libdir}:/usr/lib:/usr/local/lib
> ?
You could do that, or use the following:
export LD_LIBRARY_PATH=${prefix}/lib:${libdir}${LD_LIBRARY_PATH:+:$LD_LIBRARY_PATH}
(note the ${VAR:+foo} construct, which is what makes the shell only
expand to the latter part when VAR is set and non-empty. The colon
_before_ the plus sign is important.)
Cheers,
--
Raphael Geissert - Debian Developer
www.debian.org - get.debian.net
More information about the debian-science-maintainers
mailing list