blob: 5c400124098cfb584ac16c0cdf28832245046bec (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
|
From 835c37e99196303195c88932169b73e975115e52 Mon Sep 17 00:00:00 2001
From: Aaron Bockover <abockover@novell.com>
Date: Wed, 20 Oct 2010 16:22:40 +0000
Subject: Fix insecure LD_LIBRARY_PATH (bnc#642505)
A vulnerability existed where if LD_LIBRARY_PATH were set but empty, a
trailing : as a path separator would still be appended to the path,
exposing an insecure/invalid search path. GST_PLUGINS_PATH was similarly
vulnerable.
Using :+: instead of +: prevents this as ${X:+:$X} returns X iff X is
set and not empty whereas ${X+:$X} returns X iff X is set (it may be
empty).
---
diff --git a/src/Clients/Booter/banshee-1.linux.in b/src/Clients/Booter/banshee-1.linux.in
index 9009797..11e8ccd 100644
--- a/src/Clients/Booter/banshee-1.linux.in
+++ b/src/Clients/Booter/banshee-1.linux.in
@@ -7,8 +7,8 @@ MONO_EXE="@expanded_libdir@/@PACKAGE@/$exec_asm"
BANSHEE_EXEC_NAME=$(basename $0)
BANSHEE_CONFIG_DIR="${XDG_CONFIG_HOME:-$HOME/.config}/banshee-1"
-export LD_LIBRARY_PATH=@expanded_libdir@/@PACKAGE@:@expanded_libdir@/@PACKAGE@/Extensions:@expanded_libdir@/@PACKAGE@/Backends:@expanded_libdir@${LD_LIBRARY_PATH+:$LD_LIBRARY_PATH}
-export GST_PLUGIN_PATH=@expanded_libdir@/@PACKAGE@/gstreamer-0.10${GST_PLUGIN_PATH+:$GST_PLUGIN_PATH}
+export LD_LIBRARY_PATH=@expanded_libdir@/@PACKAGE@:@expanded_libdir@/@PACKAGE@/Extensions:@expanded_libdir@/@PACKAGE@/Backends:@expanded_libdir@${LD_LIBRARY_PATH:+:$LD_LIBRARY_PATH}
+export GST_PLUGIN_PATH=@expanded_libdir@/@PACKAGE@/gstreamer-0.10${GST_PLUGIN_PATH:+:$GST_PLUGIN_PATH}
if [ $BANSHEE_EXEC_NAME = "muinshee" ]; then
BANSHEE_CLIENT="Muinshee"
export MONO_PATH=@expanded_libdir@/@PACKAGE@/Extensions
--
cgit v0.8.3.1
|
GitWeb
