oget
Post: Sep 29th 2010 at 3:23 AM
Hi,
Today I got a security bug filed in Fedora bugzilla:
https://bugzilla.redhat.com/show_bug.cgi?id=638396
In simple words:
When $LD_LIBRARY_PATH is empty, the line
LD_LIBRARY_PATH=${LD_LIBRARY_PATH}:/usr/lib/tuxguitar/
becomes just
LD_LIBRARY_PATH=:/usr/lib/tuxguitar/
Because of the leading colon, this means that the current working directory is prepended to LD_LIBRARY_PATH. Provided he has write access, the local attacker can place a malicious library where the user is likely to execute the tuxguitar executable and then boom!
The ant .xml files need to be corrected via something like
# quote the variable so the test also works for values containing spaces
if [ -z "${LD_LIBRARY_PATH}" ]; then
    export LD_LIBRARY_PATH=/usr/lib/foo
else
    export LD_LIBRARY_PATH=/usr/lib/foo:${LD_LIBRARY_PATH}
fi
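
An added example, not part of the original post: a POSIX shell check a packager could use to spot search-path values with an empty element (leading colon, trailing colon or "::") and to build the value without one. The helper names has_empty_entry, clean_path and append_dir are hypothetical, and the sample value is constructed from the line quoted in the post.

```shell
#!/bin/sh
# Added example; helper names are hypothetical, not from tuxguitar or Fedora.

# has_empty_entry VALUE
# Succeeds (returns 0) when VALUE, read as a colon-separated search path,
# contains an empty element, which the post describes as being treated as
# the current working directory.
has_empty_entry() {
    case "$1" in
        :*|*:|*::*) return 0 ;;
        *)          return 1 ;;
    esac
}

# clean_path VALUE
# Prints VALUE with every empty element removed. The body runs in a
# subshell so the IFS and globbing changes do not leak into the caller.
clean_path() (
    IFS=:
    set -f                      # no filename expansion while splitting
    out=
    for entry in $1; do
        if [ -n "$entry" ]; then
            out=${out:+$out:}$entry
        fi
    done
    printf '%s\n' "$out"
)

# append_dir CURRENT DIR
# Prints CURRENT followed by DIR; correct whether or not CURRENT is empty.
append_dir() {
    clean_path "$1:$2"
}

# Constructed sample: the wrapper's assignment evaluated with the variable unset.
unsafe=":/usr/lib/tuxguitar/"
if has_empty_entry "$unsafe"; then
    echo "empty element in '$unsafe', cleaned: '$(clean_path "$unsafe")'"
fi
```
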