public/nixpkgs
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

treewide: Fix unsafe concatenation of $LD_LIBRARY_PATH

Browse Source 
Naive concatenation of $LD_LIBRARY_PATH can result in an empty
colon-delimited segment; this tells glibc to load libraries from the
current directory, which is definitely wrong, and may be a security
vulnerability if the current directory is untrusted.  (See #67234, for
example.)  Fix this throughout the tree.

Signed-off-by: Anders Kaseorg <andersk@mit.edu>
This commit is contained in:
Anders Kaseorg
2020-01-01 16:29:34 -08:00
committed by Frederik Rietdijk
parent 2e5051e223
commit 3cd8ce3bce
48 changed files with 55 additions and 55 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
pkgs/development/python-modules/pytorch/default.nix
View File

@@ -105,7 +105,7 @@ let
path = "${cudatoolkit}/lib/stubs/libcuda.so";
}];
cudaStubEnv = lib.optionalString cudaSupport
"LD_LIBRARY_PATH=${cudaStub}\${LD_LIBRARY_PATH:+:$LD_LIBRARY_PATH} ";
"LD_LIBRARY_PATH=${cudaStub}\${LD_LIBRARY_PATH:+:}$LD_LIBRARY_PATH ";
in buildPythonPackage rec {
version = "1.2.0";