[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

QA needed for insecure LD_LIBRARY_PATH in many wrapper scripts


many wrapper scripts contain things like


This is bad because if LD_LIBRARY_PATH is unset, it will expand to


which is interpreted as

This means that the current directory is searched for libraries before
/lib and /usr/lib, which can have security implications.

The fix is to use "${LD_LIBRARY_PATH:+:$LD_LIBRARY_PATH}" instead of
":$LD_LIBRARY_PATH". This will get rid of the colon if LD_LIBRARY_PATH
is unset. (Actually, some scripts use "${LD_LIBRARY_PATH+:
$LD_LIBRARY_PATH}", which seems to work, too. But this is not 
documented in the bash man page, at least I can't find it.)

This is not a new issue: CVE-2005-4790 and CVE-2005-4791 have been 
found two years ago. Unfortunately, they were first announced as SuSE 
specific packaging errors and were missed by the security teams.

I filed #451548 for liferea, but many more packages are affected. I 
intend to file a wishlist bug for lintian to check for this. But 
since this will take some time to get implemented, if someone has a 
local mirror and wants to do some QA work, a complete check of the 
archive would be good.

Of course "$LD_LIBRARY_PATH:" is just as bad as ":$LD_LIBRARY_PATH". 
Maybe there are other environment variables that could be affected by 
the same problem. For $PATH it is not a problem, because it should 
always be set. More ideas?


Attachment: signature.asc
Description: This is a digitally signed message part.

Reply to: