[gmx-developers] [Patch, Security] Do not allow empty elements in LD_LIBRARY_PATH
Klaus Kaempf
kkaempf at suse.de
Thu Oct 7 11:35:01 CEST 2010
Hi,
the following file set LD_LIBRARY_PATH in a way that allows empty
elements which means the current directory is included:
/usr/bin/GMXRC.bash
/usr/bin/GMXRC.csh
/usr/bin/GMXRC.zsh
This is a security risk, allowing any user to inject his own libraries.
Patch attached.
Klaus
---
SUSE LINUX Products GmbH, GF: Markus Rex, HRB 16746 (AG Nürnberg)
-------------- next part --------------
A non-text attachment was scrubbed...
Name: 0001-Do-not-set-LD_LIBRARY_PATH-in-a-way-that-allows-empt.patch
Type: text/x-patch
Size: 2131 bytes
Desc: not available
URL: <http://maillist.sys.kth.se/pipermail/gromacs.org_gmx-developers/attachments/20101007/411d8a58/attachment.bin>
More information about the gromacs.org_gmx-developers
mailing list