author | Anders Kaseorg <andersk@mit.edu> | 2021-11-04 16:14:48 -0700 |
---|---|---|
committer | Anders Kaseorg <andersk@mit.edu> | 2021-11-04 16:15:05 -0700 |
commit | e12f4db55640401ff06749231a4f4ffcef9a7269 (patch) | |
tree | 457adf28c44553cc6c401a0acf278c06b2ad333b /pkgs/applications/office | |
parent | b67e752c29f18a0ca5534a07661366d6a2c2e649 (diff) | |
treewide: Fix unsafe concatenation of $LD_LIBRARY_PATH, round 2
Naive concatenation of $LD_LIBRARY_PATH can result in an empty colon-delimited segment; this tells glibc to load libraries from the current directory, which is definitely wrong, and may be a security vulnerability if the current directory is untrusted. (See #67234, for example.) Fix this throughout the tree.

Followup to #76804. Fixes #144646.

Signed-off-by: Anders Kaseorg <andersk@mit.edu>
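
The empty-segment problem the commit message describes, as an added shell example that is not part of the commit or of nixpkgs. The function names and the library directory are hypothetical, and the inherited values are constructed samples.

```shell
#!/bin/sh
# Added example: compares naive and guarded prepending to a colon-delimited
# search path and flags results that contain an empty segment.

# Constructed placeholder directory, not a real store path.
LIBS='/opt/example/lib'

# Naive form: always emits the ':' separator, even when the inherited
# value ($2) is empty, which leaves a trailing empty segment.
naive_prepend() {
    printf '%s' "$1:$2"
}

# Guarded form: emits the separator only when the inherited value is
# non-empty. It does not clean up empty segments already inside $2.
safe_prepend() {
    printf '%s' "$1${2:+:$2}"
}

# Exit status 0 when the list has a leading, trailing or doubled colon,
# i.e. an empty segment; status 1 otherwise (including a wholly empty list).
has_empty_segment() {
    case "$1" in
        :*|*:|*::*) return 0 ;;
        *) return 1 ;;
    esac
}

# Demonstration over two constructed inherited values: unset/empty and set.
for inherited in '' '/usr/lib'; do
    for fn in naive_prepend safe_prepend; do
        result=$("$fn" "$LIBS" "$inherited")
        if has_empty_segment "$result"; then
            verdict='EMPTY SEGMENT'
        else
            verdict='ok'
        fi
        printf '%-14s inherited=%-11s -> %-26s %s\n' \
            "$fn" "'$inherited'" "$result" "$verdict"
    done
done
```

The same `has_empty_segment` check can be run over the value a wrapper script exports to audit it after a build.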
Diffstat (limited to 'pkgs/applications/office')
-rw-r--r-- | pkgs/applications/office/jabref/default.nix | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/pkgs/applications/office/jabref/default.nix b/pkgs/applications/office/jabref/default.nix index b87e74c256f..0b4ce74cdfa 100644 --- a/pkgs/applications/office/jabref/default.nix +++ b/pkgs/applications/office/jabref/default.nix @@ -52,7 +52,7 @@ stdenv.mkDerivation rec { makeWrapper $out/lib/runtime/bin/java $out/bin/jabref \ --add-flags '-Djava.library.path=${systemLibPaths}' --add-flags "-p $out/lib/app -m org.jabref/org.jabref.JabRefLauncher" \ - --run 'export LD_LIBRARY_PATH=${systemLibPaths}:$LD_LIBRARY_PATH' + --prefix LD_LIBRARY_PATH : '${systemLibPaths}' cp -r ${desktopItem}/share/applications $out/share/ |
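Review bot: The new `--prefix LD_LIBRARY_PATH : '${systemLibPaths}'` line only guards against an empty or unset inherited `LD_LIBRARY_PATH`; it does nothing about an empty segment inside `${systemLibPaths}` itself, whose definition is outside this hunk. Please confirm that definition always yields a non-empty list with no leading, trailing or doubled colon, since the same value also feeds `-Djava.library.path=${systemLibPaths}` on the context line above. An inherited value that already contains an empty segment is still passed through unchanged, which may be worth a sentence in the commit message so the scope of the fix is clear.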