> > [Raphael Geissert] Vulnerable code follows:
> >
> > /usr/bin/cowbell line 4:
> > export LD_LIBRARY_PATH=${libdir}${LD_LIBRARY_PATH+:$LD_LIBRARY_PATH}
>
> [Etienne]
> The second part only adds a colon if LD_LIBRARY_PATH is empty, so this
> whole line is insecure only if ${libdir} is empty (and in that case
> LD_LIBRARY_PATH will start with a colon). However, the previous line
> is:
>
> > libdir="@prefix@/lib/cowbell"
>
> So, I believe that this use is safe.

The full code of ./cowbell.in reads:

  1  #!/bin/sh
  2
  3  libdir="@prefix@/lib/cowbell"
  4  export LD_LIBRARY_PATH=${libdir}${LD_LIBRARY_PATH+:$LD_LIBRARY_PATH}
  5
  6  if [ -e ./@dll@ ] && [ -e ./Makefile.am ]; then
  7      echo "*** Running uninstalled @dll@ ***"
  8      ARGS="--debug"
  9      THIS_EXE="./@dll@"
 10  else
 11      THIS_EXE="${libdir}/@dll@"
 12  fi
 13
 14  exec @runtime@ --debug $THIS_EXE $ARGS "$@"

I concur with Etienne.
Jo, or Raphael: do you agree that this can be closed?
Jari
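
Added example, not part of the original message and not cowbell's own code: a POSIX sh comparison of the line-4 expansion `${VAR+:$VAR}` with the plain `$libdir:$VAR` form and with `${VAR:+:$VAR}`, for LD_LIBRARY_PATH unset, set but empty, and set. It flags any result containing an empty element, which the glibc loader treats as the current directory. The values /usr/lib/cowbell and /opt/lib and the function names are assumptions made for the illustration.

```shell
#!/bin/sh
# Added example (not from cowbell). /usr/lib/cowbell is a constructed
# stand-in for the substituted "@prefix@/lib/cowbell".

# has_empty_element LIST: succeed if a colon-separated list has an empty
# element (empty string, leading colon, trailing colon, or "::").
has_empty_element() {
    case $1 in
        ''|:*|*:|*::*) return 0 ;;
    esac
    return 1
}

# build FORM LIBDIR [VALUE]: print the resulting search path.
# Omitting VALUE means LD_LIBRARY_PATH is unset; passing "" means set but
# empty. The body is a subshell, so the caller's environment is untouched.
build() (
    form=$1 libdir=$2
    if [ $# -ge 3 ]; then LD_LIBRARY_PATH=$3; else unset LD_LIBRARY_PATH; fi
    case $form in
        plain) printf '%s\n' "${libdir}:${LD_LIBRARY_PATH}" ;;
        # "plus" is the form used on line 4 of cowbell.in
        plus)  printf '%s\n' "${libdir}${LD_LIBRARY_PATH+:$LD_LIBRARY_PATH}" ;;
        colon) printf '%s\n' "${libdir}${LD_LIBRARY_PATH:+:$LD_LIBRARY_PATH}" ;;
    esac
)

# report: one line per expansion form and input state.
report() {
    libdir=/usr/lib/cowbell
    for form in plain plus colon; do
        for state in unset empty set; do
            case $state in
                unset) out=$(build "$form" "$libdir") ;;
                empty) out=$(build "$form" "$libdir" "") ;;
                set)   out=$(build "$form" "$libdir" /opt/lib) ;;
            esac
            if has_empty_element "$out"; then verdict="EMPTY ELEMENT"; else verdict=ok; fi
            printf '%-6s %-6s %-28s %s\n' "$form" "$state" "$out" "$verdict"
        done
    done
}

report
```

The `+` operator tests only whether the variable is set, while `:+` also requires it to be non-empty, so the two forms differ in the set-but-empty row.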