Security risk in setting up $LD_LIBRARY_PATH by KDE script

Matthew Woehlke mw_triad at
Mon Mar 17 20:24:46 GMT 2008

Matthew Woehlke wrote:
> Vlad wrote:
>> The KDE script
>> ( 
>> that developers are encouraged to place in their ~/.bashrc file
>> contains the following line:
>> If $LD_LIBRARY_PATH is empty before the above line is executed, then
>> the $LD_LIBRARY_PATH after that line will end in a colon (:).
>> $ echo $LD_LIBRARY_PATH
>> /home/kde-devel/qt-copy/lib:/home/kde-devel/kde/lib:
>> This causes files such as tls, i686, sse2, cmov and to be
>> searched for in the current directory (.). Wouldn't this be a security
>> risk?
> No one else thinks so?

It appears that someone changed *just* the setting of LD_LIBRARY_PATH. 
Since PATH should be clean also, I added my helper function (with the 
name "prepend") and restructured the var setting. If a few people could 
please review the changes, that would be good.

The new way also has the advantage of keeping Qt vars, KDE vars, etc., 
separate (because there is a 'prepend' per directory, rather than one 
big assignment). To preserve ordering, I moved the whole Qt section up 
and moved adding KDE to QT_PLUGIN_DIR into the KDE section.

Sending this e-mail does not constitute endorsement of the contents; I 
may change my mind later. -- Unknown
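
The trailing-colon problem reported above and a colon-safe way to build the variable, as an added example that is not part of the original message and is not the `prepend` function from the KDE script. The names `has_empty_entry` and `DEMO_LIBRARY_PATH` and this `prepend` body are hypothetical; the sample paths are the ones quoted in the report.

```shell
# Added example (hypothetical helpers, not the KDE script's own code).
# An empty entry in a colon-separated search path (leading, trailing or
# doubled colon) is read by ld.so and by the shell as the current directory.

# has_empty_entry LIST : succeed if LIST contains an empty entry.
has_empty_entry() {
    case $1 in :*|*:|*::*) return 0 ;; *) return 1 ;; esac
}

# prepend VAR DIR : put DIR first in the list held by VAR, never leaving
# an empty entry behind, whether VAR was unset, empty or already dirty.
prepend() {
    _var=$1 _dir=$2
    # The name is passed to eval, so accept plain identifiers only.
    case $_var in ''|[0-9]*|*[!A-Za-z0-9_]*) return 2 ;; esac
    # Empty or relative directories would resolve against the cwd: refuse.
    case $_dir in /*) ;; *) return 2 ;; esac
    eval "_rest=\${$_var-}"
    _new=$_dir
    # Re-add old entries, dropping empty ones and duplicates of DIR.
    while [ -n "$_rest" ]; do
        case $_rest in
            *:*) _item=${_rest%%:*}; _rest=${_rest#*:} ;;
            *)   _item=$_rest; _rest= ;;
        esac
        [ -z "$_item" ] || [ "$_item" = "$_dir" ] || _new=$_new:$_item
    done
    eval "$_var=\$_new"
    export "$_var"
}

# Constructed demo. DEMO_LIBRARY_PATH stands in for LD_LIBRARY_PATH so the
# running shell is not disturbed; it starts empty, as in the report.
DEMO_LIBRARY_PATH=
naive=/home/kde-devel/qt-copy/lib:/home/kde-devel/kde/lib:$DEMO_LIBRARY_PATH
if has_empty_entry "$naive"; then
    echo "naive assignment leaves an empty entry: $naive"
fi
prepend DEMO_LIBRARY_PATH /home/kde-devel/kde/lib
prepend DEMO_LIBRARY_PATH /home/kde-devel/qt-copy/lib
echo "prepend result: $DEMO_LIBRARY_PATH"
```

`has_empty_entry "$LD_LIBRARY_PATH"` or `has_empty_entry "$PATH"` can be run in an existing login shell to check whether a profile script has already left such an entry.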

More information about the kde-core-devel mailing list