nixpkgs-suyu/pkgs/development/libraries/libversion
Anders Kaseorg 665dfc26ed libversion: Fix unsafe concatenation of $LD_LIBRARY_PATH
Naive concatenation of $LD_LIBRARY_PATH can result in an empty
colon-delimited segment; this tells glibc to load libraries from the
current directory, which is definitely wrong, and may be a security
vulnerability if the current directory is untrusted.  This particular
case probably has no security relevance, but we should avoid this
unsafe pattern anyway in case it gets copied.  See #76804.

Signed-off-by: Anders Kaseorg <andersk@mit.edu>
2020-05-31 01:42:09 -07:00
default.nix libversion: Fix unsafe concatenation of $LD_LIBRARY_PATH 2020-05-31 01:42:09 -07:00