forked from mirrors/nixpkgs
e12f4db556
Naive concatenation of $LD_LIBRARY_PATH can result in an empty colon-delimited segment; this tells glibc to load libraries from the current directory, which is definitely wrong, and may be a security vulnerability if the current directory is untrusted. (See #67234, for example.) Fix this throughout the tree. Followup to #76804. Fixes #144646. Signed-off-by: Anders Kaseorg <andersk@mit.edu>
13 lines
552 B
Diff
13 lines
552 B
Diff
diff --git a/data/gamemoderun b/data/gamemoderun
|
|
index 573b3e4..6f2799e 100755
|
|
--- a/data/gamemoderun
|
|
+++ b/data/gamemoderun
|
|
@@ -5,5 +5,6 @@ GAMEMODEAUTO_NAME="libgamemodeauto.so.0"
|
|
|
|
# ld will find the right path to load the library, including for 32-bit apps.
|
|
LD_PRELOAD="${GAMEMODEAUTO_NAME}${LD_PRELOAD:+:$LD_PRELOAD}"
|
|
+LD_LIBRARY_PATH="@libraryPath@${LD_LIBRARY_PATH:+:}$LD_LIBRARY_PATH"
|
|
|
|
-exec env LD_PRELOAD="${LD_PRELOAD}" $GAMEMODERUNEXEC "$@"
|
|
+exec env LD_PRELOAD="${LD_PRELOAD}" LD_LIBRARY_PATH="${LD_LIBRARY_PATH}" $GAMEMODERUNEXEC "$@"
|