diff options
| author | Anders Kaseorg <andersk@mit.edu> | 2020-01-01 16:29:34 -0800 |
|---|---|---|
| committer | Frederik Rietdijk <freddyrietdijk@fridh.nl> | 2020-01-15 09:47:03 +0100 |
| commit | 3cd8ce3bce1e3d89b21caa0d3ad458193f5179ba (patch) | |
| tree | 7a1f1889004dce271903d69dce5c1f5a2cf92b07 /pkgs/development/guile-modules | |
| parent | 2e5051e2235f93829f0d6531ace21e87f2a486a4 (diff) | |
| download | nixpkgs-3cd8ce3bce1e3d89b21caa0d3ad458193f5179ba.tar nixpkgs-3cd8ce3bce1e3d89b21caa0d3ad458193f5179ba.tar.gz nixpkgs-3cd8ce3bce1e3d89b21caa0d3ad458193f5179ba.tar.bz2 nixpkgs-3cd8ce3bce1e3d89b21caa0d3ad458193f5179ba.tar.lz nixpkgs-3cd8ce3bce1e3d89b21caa0d3ad458193f5179ba.tar.xz nixpkgs-3cd8ce3bce1e3d89b21caa0d3ad458193f5179ba.tar.zst nixpkgs-3cd8ce3bce1e3d89b21caa0d3ad458193f5179ba.zip | |
treewide: Fix unsafe concatenation of $LD_LIBRARY_PATH
Naive concatenation of $LD_LIBRARY_PATH can result in an empty colon-delimited segment; this tells glibc to load libraries from the current directory, which is definitely wrong, and may be a security vulnerability if the current directory is untrusted. (See #67234, for example.) Fix this throughout the tree. Signed-off-by: Anders Kaseorg <andersk@mit.edu>
Diffstat (limited to 'pkgs/development/guile-modules')
| -rw-r--r-- | pkgs/development/guile-modules/guile-lib/default.nix | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/pkgs/development/guile-modules/guile-lib/default.nix b/pkgs/development/guile-modules/guile-lib/default.nix index cea464ad5d2..97f501f41db 100644 --- a/pkgs/development/guile-modules/guile-lib/default.nix +++ b/pkgs/development/guile-modules/guile-lib/default.nix @@ -21,7 +21,7 @@ in stdenv.mkDerivation { preCheck = '' # Make `libgcc_s.so' visible for `pthread_cancel'. export LD_LIBRARY_PATH=\ - "$(dirname $(echo ${stdenv.cc.cc.lib}/lib*/libgcc_s.so)):$LD_LIBRARY_PATH" + "$(dirname $(echo ${stdenv.cc.cc.lib}/lib*/libgcc_s.so))''${LD_LIBRARY_PATH:+:}$LD_LIBRARY_PATH" ''; meta = with stdenv.lib; { |