summary refs log tree commit diff
path: root/pkgs/servers/plex/default.nix
diff options
context:
space:
mode:
authorAnders Kaseorg <andersk@mit.edu>2020-01-01 16:29:34 -0800
committerFrederik Rietdijk <freddyrietdijk@fridh.nl>2020-01-15 09:47:03 +0100
commit3cd8ce3bce1e3d89b21caa0d3ad458193f5179ba (patch)
tree7a1f1889004dce271903d69dce5c1f5a2cf92b07 /pkgs/servers/plex/default.nix
parent2e5051e2235f93829f0d6531ace21e87f2a486a4 (diff)
downloadnixpkgs-3cd8ce3bce1e3d89b21caa0d3ad458193f5179ba.tar
nixpkgs-3cd8ce3bce1e3d89b21caa0d3ad458193f5179ba.tar.gz
nixpkgs-3cd8ce3bce1e3d89b21caa0d3ad458193f5179ba.tar.bz2
nixpkgs-3cd8ce3bce1e3d89b21caa0d3ad458193f5179ba.tar.lz
nixpkgs-3cd8ce3bce1e3d89b21caa0d3ad458193f5179ba.tar.xz
nixpkgs-3cd8ce3bce1e3d89b21caa0d3ad458193f5179ba.tar.zst
nixpkgs-3cd8ce3bce1e3d89b21caa0d3ad458193f5179ba.zip
treewide: Fix unsafe concatenation of $LD_LIBRARY_PATH
Naive concatenation of $LD_LIBRARY_PATH can result in an empty
colon-delimited segment; this tells glibc to load libraries from the
current directory, which is definitely wrong, and may be a security
vulnerability if the current directory is untrusted.  (See #67234, for
example.)  Fix this throughout the tree.

Signed-off-by: Anders Kaseorg <andersk@mit.edu>
Diffstat (limited to 'pkgs/servers/plex/default.nix')
-rw-r--r--pkgs/servers/plex/default.nix2
1 files changed, 1 insertions, 1 deletions
diff --git a/pkgs/servers/plex/default.nix b/pkgs/servers/plex/default.nix
index 267bd4c2600..3d69d219780 100644
--- a/pkgs/servers/plex/default.nix
+++ b/pkgs/servers/plex/default.nix
@@ -97,6 +97,6 @@ buildFHSUserEnv {
 
     # Actually run Plex, prepending LD_LIBRARY_PATH with the libraries from
     # the Plex package.
-    LD_LIBRARY_PATH=$LD_LIBRARY_PATH:$root exec "$root/Plex Media Server"
+    LD_LIBRARY_PATH=$LD_LIBRARY_PATH''${LD_LIBRARY_PATH:+:}$root exec "$root/Plex Media Server"
   '';
 }
generated by cgit-pink 1.4.1 (git 2.36.1) at 2024-06-25 08:21:04 +0000