Summary: | www-client/mozilla-firefox-3.0.5 ignores LD_LIBRARY_PATH | | |
---|---|---|---|
Product: | Gentoo Linux | Reporter: | Jürgen Löb <mithrandir> |
Component: | New packages | Assignee: | Mozilla Gentoo Team <mozilla> |
Status: | RESOLVED FIXED | | |
Severity: | normal | CC: | axiator, pesa, truedfx |
Priority: | High | | |
Version: | unspecified | | |
Hardware: | All | | |
OS: | Linux | | |
Whiteboard: | | | |
Package list: | | Runtime testing required: | --- |
Description
Jürgen Löb
2009-01-28 20:36:33 UTC
Index: mozilla-firefox-3.0.5.ebuild =================================================================== RCS file: /var/cvsroot/gentoo-x86/www-client/mozilla-firefox/mozilla-firefox-3.0.5.ebuild,v retrieving revision 1.12 diff -u -B -r1.12 mozilla-firefox-3.0.5.ebuild --- mozilla-firefox-3.0.5.ebuild 25 Jan 2009 20:22:19 -0000 1.12 +++ mozilla-firefox-3.0.5.ebuild 30 Jan 2009 01:11:16 -0000 @@ -279,7 +279,7 @@ # Create /usr/bin/firefox cat <<EOF >"${D}"/usr/bin/firefox #!/bin/sh -export LD_LIBRARY_PATH="${MOZILLA_FIVE_HOME}" +export LD_LIBRARY_PATH="${MOZILLA_FIVE_HOME}:${LD_LIBRARY_PATH}" exec "${MOZILLA_FIVE_HOME}"/firefox "\$@" EOF fperms 0755 /usr/bin/firefox

Jeroen's diff should fix the problem.

The problem still exists in 3.0.6. And in 3.0.7 too.

The fix is in 3.5-r1, 3.0* will not be touched since they're stable versions. Thanks for reporting :)

When LD_LIBRARY_PATH is unset (as it usually is), LD_LIBRARY_PATH will be set to "$MOZILLA_FIVE_HOME":"", where the second entry pulls in the current directory. This is a security hole. Please fix this by doing:

export LD_LIBRARY_PATH="${MOZILLA_FIVE_HOME}${LD_LIBRARY_PATH+":${LD_LIBRARY_PATH}"}"

or similar.

(In reply to comment #5)
> When LD_LIBRARY_PATH is unset (as it usually is), LD_LIBRARY_PATH will be set
> to "$MOZILLA_FIVE_HOME":"", where the second entry pulls in the current
> directory. This is a security hole. Please fix this by doing:
>
> export LD_LIBRARY_PATH="${MOZILLA_FIVE_HOME}${LD_LIBRARY_PATH+":${LD_LIBRARY_PATH}"}"
>
> or similar.

Gah, I truly am an idiot. Not to mention, the "fix" was build-time, not run-time. Fixed for real now, thanks :)
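
Review bot: On the added `export LD_LIBRARY_PATH="${MOZILLA_FIVE_HOME}:${LD_LIBRARY_PATH}"` line of the diff, `${LD_LIBRARY_PATH}` sits unescaped inside the unquoted `cat <<EOF` heredoc, so it is expanded while the ebuild runs and the install-time value is baked into /usr/bin/firefox; the `"\$@"` on the following line shows the escaping the new reference also needs. The unconditional `:` is a second problem: when the variable is unset or empty the value ends in a colon, and the dynamic loader reads that zero-length entry as the current working directory. Suggest appending `\${LD_LIBRARY_PATH:+:\${LD_LIBRARY_PATH}}` after `${MOZILLA_FIVE_HOME}` so the separator is only emitted when there is something to append and the expansion happens at launch.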
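
The expansion forms discussed in the comments above, compared side by side, as an added example that is not part of the original bug report or the ebuild. `APP_HOME` (standing in for `MOZILLA_FIVE_HOME`), `/x/lib` and all function names are assumptions; the example goes slightly beyond the thread by including the `:+` form, which also covers a variable that is set but empty.

```shell
#!/bin/sh
# Added example, not the ebuild's code. APP_HOME stands in for MOZILLA_FIVE_HOME.
APP_HOME=/opt/app   # constructed sample value

# Return 0 if a search path has a zero-length entry (leading, trailing or
# doubled ':'), which ld.so resolves to the current working directory.
has_empty_entry() {
    case "$1" in
        :*|*:|*::*) return 0 ;;
        *) return 1 ;;
    esac
}

# Three ways to append the inherited value; each reads the caller's LD_LIBRARY_PATH.
join_patch()      { printf '%s\n' "${APP_HOME}:${LD_LIBRARY_PATH}"; }                   # form in the diff
join_plus()       { printf '%s\n' "${APP_HOME}${LD_LIBRARY_PATH+:${LD_LIBRARY_PATH}}"; }  # form from comment #5
join_colon_plus() { printf '%s\n' "${APP_HOME}${LD_LIBRARY_PATH:+:${LD_LIBRARY_PATH}}"; } # also skips set-but-empty

# Emit a launcher through an unquoted heredoc, as the ebuild does.
# ${APP_HOME} is expanded now (build time); the \$-escaped references are
# written out literally and expanded only when the launcher runs.
make_wrapper() {
    cat <<EOF
#!/bin/sh
export LD_LIBRARY_PATH="${APP_HOME}\${LD_LIBRARY_PATH:+:\${LD_LIBRARY_PATH}}"
exec "${APP_HOME}"/firefox "\$@"
EOF
}

# Evaluate only the export line of the generated launcher in a subshell and
# report the value it would hand to the program at run time.
runtime_value() {
    ( eval "$(make_wrapper | sed -n 2p)"; printf '%s\n' "$LD_LIBRARY_PATH" )
}

# Demo: each form against an unset, empty and populated inherited value.
for state in unset empty set; do
    ( case $state in
          unset) unset LD_LIBRARY_PATH ;;
          empty) LD_LIBRARY_PATH= ;;
          set)   LD_LIBRARY_PATH=/x/lib ;;   # constructed sample value
      esac
      for f in join_patch join_plus join_colon_plus; do
          v=$($f)
          has_empty_entry "$v" && r=CWD-ENTRY || r=ok
          printf '%-6s %-16s %-18s %s\n' "$state" "$f" "$v" "$r"
      done )
done
```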