From ba136c768b2e9cb3dd712424bd7d2fd442ea41b6 Mon Sep 17 00:00:00 2001 From: eap Date: Tue, 1 Mar 2011 13:37:47 +0000 Subject: [PATCH] 0021196: [CEA 456] Integration and merge modification for debian packages Only append : when LD_LIBRARY_PATH is set, to avoid having it default to . and execute arbitrary code. This fixes Debian bug 598421 and CVE vulnerability CVE-2010-3377 --- bin/runLightSalome.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/bin/runLightSalome.sh b/bin/runLightSalome.sh index 2fe2866b9..9f6dcb1cc 100755 --- a/bin/runLightSalome.sh +++ b/bin/runLightSalome.sh @@ -137,7 +137,7 @@ if [ "${MY_PATH}" != "" ] ; then export PATH=${MY_PATH}:${PATH} fi if [ "${MY_LD_LIBRARY_PATH}" != "" ] ; then - export LD_LIBRARY_PATH=${MY_LD_LIBRARY_PATH}:${LD_LIBRARY_PATH} + export LD_LIBRARY_PATH=${MY_LD_LIBRARY_PATH}${LD_LIBRARY_PATH:+:$LD_LIBRARY_PATH} fi if [ "${PYTHONPATH}" != "" ] ; then export PYTHONPATH=${MY_PYTHONPATH}:${PYTHONPATH} -- 2.39.2