diff options
| author | Anders Kaseorg <andersk@mit.edu> | 2020-01-01 16:29:34 -0800 |
|---|---|---|
| committer | Frederik Rietdijk <freddyrietdijk@fridh.nl> | 2020-01-15 09:47:03 +0100 |
| commit | 3cd8ce3bce1e3d89b21caa0d3ad458193f5179ba (patch) | |
| tree | 7a1f1889004dce271903d69dce5c1f5a2cf92b07 /pkgs/tools/security/neopg | |
| parent | 2e5051e2235f93829f0d6531ace21e87f2a486a4 (diff) | |
| download | nixpkgs-3cd8ce3bce1e3d89b21caa0d3ad458193f5179ba.tar nixpkgs-3cd8ce3bce1e3d89b21caa0d3ad458193f5179ba.tar.gz nixpkgs-3cd8ce3bce1e3d89b21caa0d3ad458193f5179ba.tar.bz2 nixpkgs-3cd8ce3bce1e3d89b21caa0d3ad458193f5179ba.tar.lz nixpkgs-3cd8ce3bce1e3d89b21caa0d3ad458193f5179ba.tar.xz nixpkgs-3cd8ce3bce1e3d89b21caa0d3ad458193f5179ba.tar.zst nixpkgs-3cd8ce3bce1e3d89b21caa0d3ad458193f5179ba.zip | |
treewide: Fix unsafe concatenation of $LD_LIBRARY_PATH
Naive concatenation of $LD_LIBRARY_PATH can result in an empty colon-delimited segment; this tells glibc to load libraries from the current directory, which is definitely wrong, and may be a security vulnerability if the current directory is untrusted. (See #67234, for example.) Fix this throughout the tree. Signed-off-by: Anders Kaseorg <andersk@mit.edu>
Diffstat (limited to 'pkgs/tools/security/neopg')
| -rw-r--r-- | pkgs/tools/security/neopg/default.nix | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/pkgs/tools/security/neopg/default.nix b/pkgs/tools/security/neopg/default.nix index 5e26bcf6759..c58772346ee 100644 --- a/pkgs/tools/security/neopg/default.nix +++ b/pkgs/tools/security/neopg/default.nix @@ -31,7 +31,7 @@ stdenv.mkDerivation rec { dontUseCmakeBuildDir = true; preCheck = '' - export LD_LIBRARY_PATH=$LD_LIBRARY_PATH:$(pwd)/3rdparty/googletest/googletest:$(pwd)/neopg + export LD_LIBRARY_PATH=$LD_LIBRARY_PATH''${LD_LIBRARY_PATH:+:}$(pwd)/3rdparty/googletest/googletest:$(pwd)/neopg ''; meta = with stdenv.lib; { |