From e12f4db55640401ff06749231a4f4ffcef9a7269 Mon Sep 17 00:00:00 2001 From: Anders Kaseorg Date: Thu, 4 Nov 2021 16:14:48 -0700 Subject: treewide: Fix unsafe concatenation of $LD_LIBRARY_PATH, round 2 Naive concatenation of $LD_LIBRARY_PATH can result in an empty colon-delimited segment; this tells glibc to load libraries from the current directory, which is definitely wrong, and may be a security vulnerability if the current directory is untrusted. (See #67234, for example.) Fix this throughout the tree. Followup to #76804. Fixes #144646. Signed-off-by: Anders Kaseorg --- doc/using/overlays.chapter.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'doc/using') diff --git a/doc/using/overlays.chapter.md b/doc/using/overlays.chapter.md index d2e3b49a6aa..df152bc14e7 100644 --- a/doc/using/overlays.chapter.md +++ b/doc/using/overlays.chapter.md @@ -112,7 +112,7 @@ self: super: This overlay uses Intel's MKL library for both BLAS and LAPACK interfaces. Note that the same can be accomplished at runtime using `LD_LIBRARY_PATH` of `libblas.so.3` and `liblapack.so.3`. For instance: ```ShellSession -$ LD_LIBRARY_PATH=$(nix-build -A mkl)/lib:$LD_LIBRARY_PATH nix-shell -p octave --run octave +$ LD_LIBRARY_PATH=$(nix-build -A mkl)/lib${LD_LIBRARY_PATH:+:}$LD_LIBRARY_PATH nix-shell -p octave --run octave ``` Intel MKL requires an `openmp` implementation when running with multiple processors. By default, `mkl` will use Intel's `iomp` implementation if no other is specified, but this is a runtime-only dependency and binary compatible with the LLVM implementation. To use that one instead, Intel recommends users set it with `LD_PRELOAD`. Note that `mkl` is only available on `x86_64-linux` and `x86_64-darwin`. Moreover, Hydra is not building and distributing pre-compiled binaries using it. -- cgit 1.4.1