Security risk in setting up $LD_LIBRARY_PATH by KDE script
Matthew Woehlke
mw_triad at users.sourceforge.net
Sat Mar 1 01:39:53 GMT 2008
Vlad wrote:
> The KDE script
> (http://techbase.kde.org/index.php?title=Getting_Started/Increased_Productivity_in_KDE4_with_Scripts/.bashrc)
> that developers are encouraged to place in their ~/.bashrc file
> contains the following line:
>
> export LD_LIBRARY_PATH=$KDEDIR/lib:$QTDIR/lib:$LD_LIBRARY_PATH
>
> If $LD_LIBRARY_PATH is empty before the above line is executed, then
> the $LD_LIBRARY_PATH after that line will end in a colon (:).
>
> $ echo $LD_LIBRARY_PATH
> /home/kde-devel/qt-copy/lib:/home/kde-devel/kde/lib:
>
> This causes files such as tls, i686, sse2, cmov and libc.so.6 to be
> searched for in the current directory (.). Wouldn't this be a security
> risk?
No one else thinks so?
FWIW, my kde4 environment script looks like this:
headCat() { [ -d "$2" ] && eval $1=\"$2\$\{$1:+':'\$$1\}\" ; }
... stuff ...
headCat PKG_CONFIG_PATH $KDEDIR/lib/pkgconfig
headCat LD_LIBRARY_PATH $KDEDIR/lib
headCat PATH $KDEDIR/bin
--
Matthew
What sort of trite mind
Didst produced this signature
From random input
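
The trailing-colon problem discussed in this message, as an added example that is not part of the original post or of the KDE scripts: a check for search-path values that pull in the current directory, and a prepend that never emits an empty entry. The function names `has_cwd_entry`, `prepend_entry` and `strip_empty_entries` are hypothetical; the sample value is the one quoted above.

```shell
#!/bin/sh
# Added example: audit and repair colon-separated search paths
# (LD_LIBRARY_PATH, PATH, PKG_CONFIG_PATH). Helper names are hypothetical.

# has_cwd_entry VALUE
# Returns 0 when VALUE has an entry resolving to the current directory:
# an empty entry (leading, trailing or doubled colon) or a literal ".".
# A completely empty VALUE returns 1 (nothing is configured).
has_cwd_entry() {
    case "$1" in
        '') return 1 ;;
        :*|*:|*::*) return 0 ;;
        .|.:*|*:.|*:.:*) return 0 ;;
    esac
    return 1
}

# prepend_entry DIR CURRENT
# Prints DIR, followed by ":CURRENT" only when CURRENT is non-empty,
# so an unset variable does not leave a trailing colon.
prepend_entry() {
    printf '%s\n' "$1${2:+:$2}"
}

# strip_empty_entries VALUE
# Prints VALUE with its empty entries removed. The body runs in a
# subshell so the IFS and globbing changes do not leak to the caller.
strip_empty_entries() (
    out=
    IFS=:
    set -f
    for entry in $1; do
        if [ -n "$entry" ]; then
            out="${out:+$out:}$entry"
        fi
    done
    printf '%s\n' "$out"
)

# Value shown in the quoted message (LD_LIBRARY_PATH was empty beforehand).
risky='/home/kde-devel/qt-copy/lib:/home/kde-devel/kde/lib:'
if has_cwd_entry "$risky"; then
    echo "current directory is searched: $risky"
fi
echo "repaired: $(strip_empty_entries "$risky")"
```

In an environment script the prepend would be used as `LD_LIBRARY_PATH=$(prepend_entry "$KDEDIR/lib" "$LD_LIBRARY_PATH")`, with `has_cwd_entry` run over the inherited value first.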