request CVE for vdrtestleak
Hello everyone,
Recently I was looking at CVE-2010-3387 (for purposes of patching it downstream) and I glanced upon the discussion and the patch that had been proposed earlier - you can view them at [1].
As discussed earlier, I feel that the original issue was not a security issue as it had a ";" (semi-colon) in the LD_LIBRARY_PATH.
$ echo "/usr/lib/debug;$LD_LIBRARY_PATH"
/usr/lib/debug;
However, in the case of the patch, if LD_LIBRARY_PATH were not defined, you'd have :-
$ echo "/usr/lib/debug:${LD_LIBRARY_PATH:+:$LD_LIBRARY_PATH}"
/usr/lib/debug:
and ld.so would treat the empty item as '.'
Cheers,
zm
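
An added example, not part of the original message or of the patch it discusses: a shell check for empty entries in a library search path, next to a prepend that emits the separator only when there is something to separate. The function names (has_empty_entry, prepend_dir, patched_form) are made up for this illustration.

```shell
#!/bin/sh
# Added illustration; function names are hypothetical.

# has_empty_entry LIST
# Returns 0 if LIST contains an empty element, i.e. the kind of entry the
# message says ld.so resolves to '.'. ld.so(8) documents both ':' and ';'
# as separators, so ';' is normalised to ':' before the check.
has_empty_entry() {
    list=$(printf '%s' "$1" | tr ';' ':')
    case "$list" in
        "")          return 1 ;;  # empty string: no entries to inspect
        :*|*:|*::*)  return 0 ;;  # leading, trailing or doubled separator
        *)           return 1 ;;
    esac
}

# patched_form DIR LIST
# Reproduces the expression quoted in the message:
#   "DIR:${LIST:+:$LIST}"
# The literal ':' after DIR is always emitted, whether or not LIST is set.
patched_form() {
    printf '%s:%s\n' "$1" "${2:+:$2}"
}

# prepend_dir DIR LIST
# Emits the separator only as part of the ${...:+...} expansion, so an
# unset or empty LIST yields DIR alone.
prepend_dir() {
    printf '%s%s\n' "$1" "${2:+:$2}"
}

# Constructed sample values, run only when the script is executed directly.
if [ "${0##*/}" = "ldpath_check.sh" ]; then
    for current in "" "/opt/lib"; do
        for candidate in "$(patched_form /usr/lib/debug "$current")" \
                         "$(prepend_dir /usr/lib/debug "$current")"; do
            if has_empty_entry "$candidate"; then
                echo "EMPTY ENTRY: $candidate"
            else
                echo "ok:          $candidate"
            fi
        done
    done
fi
```

The same check can be run against any wrapper script that builds LD_LIBRARY_PATH before exec'ing a binary.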