fix security hole: don't add an empty element to LD_LIBRARY_PATH 1.3
authorOswald Buddenhagen <oswald.buddenhagen@nokia.com>
Wed, 22 Sep 2010 18:05:03 +0000 (20:05 +0200)
committerOswald Buddenhagen <oswald.buddenhagen@nokia.com>
Wed, 22 Sep 2010 18:05:03 +0000 (20:05 +0200)
commit3c00715c8e90c57953ec4a8716110f6954e524e4
treedfd8b2f3a21bbadc93992e12e004080df3c97dd4
parent245f8652b83b24b7f60881fd27e62f1c7c98becc
fix security hole: don't add an empty element to LD_LIBRARY_PATH

if LD_LIBRARY_PATH was empty, the wrapper script would add the empty
element to the path.

> The trailing colon is treated by ld.so as another item on the list,
> and empty items are treated as '.' (CWD). Therefore, if a user
> executes qtcreator from a directory where there's a library that would
> have normally been loaded from the standard library paths the local
> library would be loaded instead.
> This has the potential effect of arbitrary code execution.

Reviewed-by: thiago
Task-number: CVE-2010-3374
bin/qtcreator