diff options
author | Anders Kaseorg <andersk@mit.edu> | 2020-01-01 16:29:34 -0800 |
---|---|---|
committer | Frederik Rietdijk <freddyrietdijk@fridh.nl> | 2020-01-15 09:47:03 +0100 |
commit | 3cd8ce3bce1e3d89b21caa0d3ad458193f5179ba (patch) | |
tree | 7a1f1889004dce271903d69dce5c1f5a2cf92b07 /pkgs/development/libraries/cutelyst | |
parent | 2e5051e2235f93829f0d6531ace21e87f2a486a4 (diff) | |
download | nixpkgs-3cd8ce3bce1e3d89b21caa0d3ad458193f5179ba.tar nixpkgs-3cd8ce3bce1e3d89b21caa0d3ad458193f5179ba.tar.gz nixpkgs-3cd8ce3bce1e3d89b21caa0d3ad458193f5179ba.tar.bz2 nixpkgs-3cd8ce3bce1e3d89b21caa0d3ad458193f5179ba.tar.lz nixpkgs-3cd8ce3bce1e3d89b21caa0d3ad458193f5179ba.tar.xz nixpkgs-3cd8ce3bce1e3d89b21caa0d3ad458193f5179ba.tar.zst nixpkgs-3cd8ce3bce1e3d89b21caa0d3ad458193f5179ba.zip |
treewide: Fix unsafe concatenation of $LD_LIBRARY_PATH
Naive concatenation of $LD_LIBRARY_PATH can result in an empty colon-delimited segment; this tells glibc to load libraries from the current directory, which is definitely wrong, and may be a security vulnerability if the current directory is untrusted. (See #67234, for example.) Fix this throughout the tree. Signed-off-by: Anders Kaseorg <andersk@mit.edu>
Diffstat (limited to 'pkgs/development/libraries/cutelyst')
-rw-r--r-- | pkgs/development/libraries/cutelyst/default.nix | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/pkgs/development/libraries/cutelyst/default.nix b/pkgs/development/libraries/cutelyst/default.nix index 6cd464e5539..2cf611eed27 100644 --- a/pkgs/development/libraries/cutelyst/default.nix +++ b/pkgs/development/libraries/cutelyst/default.nix @@ -24,7 +24,7 @@ stdenv.mkDerivation rec { ]; preBuild = '' - export LD_LIBRARY_PATH="$LD_LIBRARY_PATH:`pwd`/Cutelyst:`pwd`/EventLoopEPoll" + export LD_LIBRARY_PATH="$LD_LIBRARY_PATH''${LD_LIBRARY_PATH:+:}`pwd`/Cutelyst:`pwd`/EventLoopEPoll" ''; postBuild = '' |