fix security hole: don't add an empty element to LD_LIBRARY_PATH

if LD_LIBRARY_PATH was empty, the wrapper script would add the empty
element to the path.

> The trailing colon is treated by ld.so as another item on the list,
> and empty items are treated as '.' (CWD). Therefore, if a user
> executes qtcreator from a directory where there's a library that would
> have normally been loaded from the standard library paths the local
> library would be loaded instead.
> This has the potential effect of arbitrary code execution.

Reviewed-by: thiago
Task-number: CVE-2010-3374
This commit is contained in:
Oswald Buddenhagen
2010-09-22 20:05:03 +02:00
parent 245f8652b8
commit 3c00715c8e

@@ -31,6 +31,6 @@ fi
bindir=`dirname "$me"`
libdir=`cd "${bindir}/../lib" ; pwd`
LD_LIBRARY_PATH="${libdir}/qtcreator:${LD_LIBRARY_PATH}"
LD_LIBRARY_PATH="${libdir}/qtcreator${LD_LIBRARY_PATH:+:$LD_LIBRARY_PATH}"
export LD_LIBRARY_PATH
exec "${bindir}/qtcreator.bin" ${1+"$@"}
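
Review bot: the new LD_LIBRARY_PATH assignment appends the inherited value verbatim, so an empty element already present in it (a leading or trailing colon, or `::`) still reaches ld.so and is resolved as the current directory. `${LD_LIBRARY_PATH:+:$LD_LIBRARY_PATH}` only avoids the colon the wrapper itself used to add when the variable was unset or empty. Consider either normalising the inherited value before appending it, or stating in the commit message that only the wrapper-introduced empty element is addressed. Separately, in the unchanged context line that sets libdir, the `;` between `cd "${bindir}/../lib"` and `pwd` means a failed cd leaves pwd printing the caller's working directory, which then becomes the first search-path element; using `&&` and exiting when the result is empty would close that.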