Bug#598421: salome: CVE-2010-3377: insecure library loading
Adam C Powell IV
hazelsct at debian.org
Thu Sep 30 14:11:17 UTC 2010
tags 598421 pending
thanks
On Wed, 2010-09-29 at 23:24 -0500, Raphael Geissert wrote:
> On 29 September 2010 22:01, Adam C Powell IV <hazelsct at debian.org> wrote:
> > On Tue, 2010-09-28 at 21:07 +0000, Raphael Geissert wrote:
> > Would a secure change omit the former LD_LIBRARY_PATH? That is, would
> > it fix this in runSalome to say:
> >
> > export LD_LIBRARY_PATH=${prefix}/lib:${libdir}:/usr/lib:/usr/local/lib
> > ?
>
> You could do that, or use the following:
> export LD_LIBRARY_PATH=${prefix}/lib:${libdir}${LD_LIBRARY_PATH:+:$LD_LIBRARY_PATH}
>
> (note the ${VAR:+foo} construct, which is what makes the shell only
> expand to the latter part when VAR is set and non-empty. The colon
> _before_ the plus sign is important.)
Thanks. I assume this works in both bash and dash, and have applied
this to the files you mentioned in the package git repository on alioth.
There's one more RC/FTBFS bug to fix, then I'll upload, hopefully by
tomorrow but maybe early next week.
-Adam
--
GPG fingerprint: D54D 1AEE B11C CE9B A02B C5DD 526F 01E8 564E E4B6
Engineering consulting with open source tools
http://www.opennovation.com/
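
Added illustration, not part of the original message or of the salome package: a POSIX sh script comparing three ways of extending LD_LIBRARY_PATH when the inherited variable is unset, set but empty, or set to a directory. The unconditional `naive` form, the `/opt/salome` values for `prefix` and `libdir`, and the helper names are assumptions made for the example; an empty entry matters because glibc's dynamic loader treats it as the current directory.

```shell
#!/bin/sh
# Constructed sample values (assumptions, not taken from the package).
prefix=/opt/salome
libdir=/opt/salome/lib/salome

# build_path FORM STATE [VALUE]
#   FORM : naive | plus | colonplus
#   STATE: unset | set   (VALUE may be the empty string when STATE=set)
# Runs in a subshell so the caller's LD_LIBRARY_PATH is never modified.
build_path() (
    unset LD_LIBRARY_PATH
    [ "$2" = set ] && LD_LIBRARY_PATH=$3
    case $1 in
        # Unconditional append: always emits the separating colon.
        naive)     printf '%s\n' "${prefix}/lib:${libdir}:$LD_LIBRARY_PATH" ;;
        # ${VAR+...}: expands whenever VAR is set, even if it is empty.
        plus)      printf '%s\n' "${prefix}/lib:${libdir}${LD_LIBRARY_PATH+:$LD_LIBRARY_PATH}" ;;
        # ${VAR:+...}: expands only when VAR is set AND non-empty.
        colonplus) printf '%s\n' "${prefix}/lib:${libdir}${LD_LIBRARY_PATH:+:$LD_LIBRARY_PATH}" ;;
    esac
)

# Succeeds if the colon-separated list contains an empty entry
# (leading colon, trailing colon, or "::").
has_empty_entry() {
    case ":$1:" in
        *::*) return 0 ;;
        *)    return 1 ;;
    esac
}

# check FORM STATE [VALUE] -> prints "safe" or "UNSAFE"
check() {
    if has_empty_entry "$(build_path "$@")"; then echo UNSAFE; else echo safe; fi
}

# Print one row per form, one column per state of the inherited variable.
report() {
    for form in naive plus colonplus; do
        printf '%-10s unset=%-7s empty=%-7s set=%s\n' "$form" \
            "$(check "$form" unset)" \
            "$(check "$form" set '')" \
            "$(check "$form" set /srv/lib)"
    done
}

report
```

Only the `colonplus` row is free of empty entries in all three states; the `plus` row shows what is lost when the colon before the plus sign is dropped.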
More information about the debian-science-maintainers mailing list