diff options
author | Anders Kaseorg <andersk@mit.edu> | 2020-01-01 16:29:34 -0800 |
---|---|---|
committer | Frederik Rietdijk <freddyrietdijk@fridh.nl> | 2020-01-15 09:47:03 +0100 |
commit | 3cd8ce3bce1e3d89b21caa0d3ad458193f5179ba (patch) | |
tree | 7a1f1889004dce271903d69dce5c1f5a2cf92b07 /pkgs/servers/plex/default.nix | |
parent | 2e5051e2235f93829f0d6531ace21e87f2a486a4 (diff) | |
download | nixpkgs-3cd8ce3bce1e3d89b21caa0d3ad458193f5179ba.tar nixpkgs-3cd8ce3bce1e3d89b21caa0d3ad458193f5179ba.tar.gz nixpkgs-3cd8ce3bce1e3d89b21caa0d3ad458193f5179ba.tar.bz2 nixpkgs-3cd8ce3bce1e3d89b21caa0d3ad458193f5179ba.tar.lz nixpkgs-3cd8ce3bce1e3d89b21caa0d3ad458193f5179ba.tar.xz nixpkgs-3cd8ce3bce1e3d89b21caa0d3ad458193f5179ba.tar.zst nixpkgs-3cd8ce3bce1e3d89b21caa0d3ad458193f5179ba.zip |
treewide: Fix unsafe concatenation of $LD_LIBRARY_PATH
Naive concatenation of $LD_LIBRARY_PATH can result in an empty colon-delimited segment; this tells glibc to load libraries from the current directory, which is definitely wrong, and may be a security vulnerability if the current directory is untrusted. (See #67234, for example.) Fix this throughout the tree. Signed-off-by: Anders Kaseorg <andersk@mit.edu>
Diffstat (limited to 'pkgs/servers/plex/default.nix')
-rw-r--r-- | pkgs/servers/plex/default.nix | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/pkgs/servers/plex/default.nix b/pkgs/servers/plex/default.nix index 267bd4c2600..3d69d219780 100644 --- a/pkgs/servers/plex/default.nix +++ b/pkgs/servers/plex/default.nix @@ -97,6 +97,6 @@ buildFHSUserEnv { # Actually run Plex, prepending LD_LIBRARY_PATH with the libraries from # the Plex package. - LD_LIBRARY_PATH=$LD_LIBRARY_PATH:$root exec "$root/Plex Media Server" + LD_LIBRARY_PATH=$LD_LIBRARY_PATH''${LD_LIBRARY_PATH:+:}$root exec "$root/Plex Media Server" ''; } |