Bug 638729 - lightsoff, swell-foop: Really safely set LD_LIBRARY_PATH
Status: RESOLVED FIXED
Product: gnome-games-superseded
Classification: Deprecated
Component: general
Assigned To: gnome-games-general-maint
GNOME Games maintainers
Reported: 2011-01-05 09:54 UTC by Vincent Untz
Modified: 2011-01-05 13:12 UTC

Attachments
lightsoff, swell-foop: Really safely set LD_LIBRARY_PATH (1.31 KB, patch)
2011-01-05 09:54 UTC, Vincent Untz
committed

Description Vincent Untz 2011-01-05 09:54:15 UTC
We're still setting LD_LIBRARY_PATH in a way that can be unsafe if LD_LIBRARY_PATH is set but empty.
Comment 1 Vincent Untz 2011-01-05 09:54:17 UTC
Created attachment 177556
lightsoff, swell-foop: Really safely set LD_LIBRARY_PATH

This is a follow-up to commit c82181c6: if $LD_LIBRARY_PATH is set but
empty, we were still adding a trailing :.

Fixes CVE-2010-4003.
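
The failure mode described in the commit message above, as an added example that is not part of the original report or the attached patch: an empty entry in `LD_LIBRARY_PATH` (here a trailing `:`) is resolved by glibc's `ld.so` as the current working directory. The library directory and sample values are constructed, and the three builder functions are illustrative forms, not the project's code.

```shell
#!/bin/sh
# Added example, not the GNOME patch. PRIVATE_LIBDIR is a hypothetical path.
PRIVATE_LIBDIR=/usr/lib/example-game

# Naive: leaves a trailing ':' when LD_LIBRARY_PATH is unset or empty.
build_naive() { printf '%s' "$PRIVATE_LIBDIR:$LD_LIBRARY_PATH"; }

# ${VAR+word} expands word whenever VAR is set, even to the empty string,
# so a set-but-empty variable still produces the trailing ':'.
build_plus() { printf '%s' "$PRIVATE_LIBDIR${LD_LIBRARY_PATH+:$LD_LIBRARY_PATH}"; }

# ${VAR:+word} expands word only when VAR is set and non-empty.
build_colon_plus() { printf '%s' "$PRIVATE_LIBDIR${LD_LIBRARY_PATH:+:$LD_LIBRARY_PATH}"; }

# Succeeds if the path has an empty entry (leading, trailing or doubled ':'),
# which glibc's ld.so resolves as the current working directory.
has_empty_entry() {
    case "$1" in
        :*|*:|*::*) return 0 ;;
        *) return 1 ;;
    esac
}

# Print what builder $1 produces with LD_LIBRARY_PATH in state $2
# (unset | empty | set). Call it via $( ) so the change stays in a subshell.
build_in_state() {
    case "$2" in
        unset) unset LD_LIBRARY_PATH ;;
        empty) LD_LIBRARY_PATH= ;;
        set)   LD_LIBRARY_PATH=/opt/lib ;;  # constructed sample value
    esac
    "$1"
}

# Table of builder x state, flagging every result that has an empty entry.
for b in build_naive build_plus build_colon_plus; do
    for s in unset empty set; do
        result=$(build_in_state "$b" "$s")
        if has_empty_entry "$result"; then verdict=UNSAFE; else verdict=ok; fi
        printf '%-17s %-6s %-32s %s\n' "$b" "$s" "$result" "$verdict"
    done
done
```

The same `has_empty_entry` check can be run over the value a wrapper script exports to audit it for leading, trailing or doubled colons.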
Comment 2 Vincent Untz 2011-01-05 09:58:23 UTC
Downstream reference: https://bugzilla.gnome.org/show_bug.cgi?id=638729 (not public as of now, though)
Comment 3 Vincent Untz 2011-01-05 12:22:25 UTC
This problem has been fixed in the development version. The fix will be available in the next major software release. Thank you for your bug report.
Comment 4 Christian Persch 2011-01-05 12:54:15 UTC
Did you mean to reference a different bug in comment 2, instead of this one?
Comment 5 Vincent Untz 2011-01-05 13:12:02 UTC
Indeed: https://bugzilla.novell.com/show_bug.cgi?id=642829