Thanks, the patch looks fine. Can you please also provide the ChangeLog file entry?
Cheers,
Giuseppe

Hayawardh V <[email protected]> writes:

> Hi,
>
> I am attaching a patch for the same.
> Please keep me updated on the course of action regarding this.
>
> Thanks,
> Hayawardh
>
> On Mon, May 30, 2011 at 7:22 PM, Hayawardh V <[email protected]> wrote:
>
> Hi,
>
> In run-icecat.sh in the latest icecat svn are lines such as:
> LD_LIBRARY_PATH=${MOZ_DIST_BIN}:${MOZ_DIST_BIN}/plugins:${MRE_HOME}${LD_LIBRARY_PATH+":$LD_LIBRARY_PATH"}
>
> Note that this insecure LD_LIBRARY_PATH would lead icecat to
> search in the current working directory for libraries. If
> malicious libraries are, for example, downloaded off the Internet,
> then those would be loaded instead.
>
> This can be simply fixed as follows (note the : following
> LD_LIBRARY_PATH):
>
> LD_LIBRARY_PATH=${MOZ_DIST_BIN}:${MOZ_DIST_BIN}/plugins:${MRE_HOME}${LD_LIBRARY_PATH:+":$LD_LIBRARY_PATH"}
>
> It seems similar to the issue that Firefox had a few months before:
> https://bugzilla.mozilla.org/show_bug.cgi?id=590753
>
> Thanks,
> Hayawardh
>
> --- run-icecat.sh.orig 2011-05-30 14:16:14.000000000 -0400 > +++ run-icecat.sh 2011-05-30 19:39:03.000000000 -0400
> @@ -310,36 +310,36 @@ > } > if moz_should_set_ld_library_path > then > - > LD_LIBRARY_PATH=${MOZ_DIST_BIN}:${MOZ_DIST_BIN}/plugins:${MRE_HOME}${LD_LIBRARY_PATH+":$LD_LIBRARY_PATH"} > + > LD_LIBRARY_PATH=${MOZ_DIST_BIN}:${MOZ_DIST_BIN}/plugins:${MRE_HOME}${LD_LIBRARY_PATH:+":$LD_LIBRARY_PATH"} > fi > > if [ -n "$LD_LIBRARYN32_PATH" ] > then > - > LD_LIBRARYN32_PATH=${MOZ_DIST_BIN}:${MOZ_DIST_BIN}/plugins:${MRE_HOME}${LD_LIBRARYN32_PATH+":$LD_LIBRARYN32_PATH"} > + > LD_LIBRARYN32_PATH=${MOZ_DIST_BIN}:${MOZ_DIST_BIN}/plugins:${MRE_HOME}${LD_LIBRARYN32_PATH:+":$LD_LIBRARYN32_PATH"} > fi > if [ -n "$LD_LIBRARYN64_PATH" ] > then > - > LD_LIBRARYN64_PATH=${MOZ_DIST_BIN}:${MOZ_DIST_BIN}/plugins:${MRE_HOME}${LD_LIBRARYN64_PATH+":$LD_LIBRARYN64_PATH"} > + > LD_LIBRARYN64_PATH=${MOZ_DIST_BIN}:${MOZ_DIST_BIN}/plugins:${MRE_HOME}${LD_LIBRARYN64_PATH:+":$LD_LIBRARYN64_PATH"} > fi > if [ -n "$LD_LIBRARY_PATH_64" ]; then > - > LD_LIBRARY_PATH_64=${MOZ_DIST_BIN}:${MOZ_DIST_BIN}/plugins:${MRE_HOME}${LD_LIBRARY_PATH_64+":$LD_LIBRARY_PATH_64"} > + > LD_LIBRARY_PATH_64=${MOZ_DIST_BIN}:${MOZ_DIST_BIN}/plugins:${MRE_HOME}${LD_LIBRARY_PATH_64:+":$LD_LIBRARY_PATH_64"} > fi > # > # > ## Set SHLIB_PATH for HPUX > -SHLIB_PATH=${MOZ_DIST_BIN}:${MRE_HOME}${SHLIB_PATH+":$SHLIB_PATH"} > +SHLIB_PATH=${MOZ_DIST_BIN}:${MRE_HOME}${SHLIB_PATH:+":$SHLIB_PATH"} > # > ## Set LIBPATH for AIX > -LIBPATH=${MOZ_DIST_BIN}:${MRE_HOME}${LIBPATH+":$LIBPATH"} > +LIBPATH=${MOZ_DIST_BIN}:${MRE_HOME}${LIBPATH:+":$LIBPATH"} > # > ## Set DYLD_LIBRARY_PATH for Mac OS X (Darwin) > -DYLD_LIBRARY_PATH=${MOZ_DIST_BIN}:${MRE_HOME}${DYLD_LIBRARY_PATH+":$DYLD_LIBRARY_PATH"} > +DYLD_LIBRARY_PATH=${MOZ_DIST_BIN}:${MRE_HOME}${DYLD_LIBRARY_PATH:+":$DYLD_LIBRARY_PATH"} > # > ## Set LIBRARY_PATH for BeOS > -LIBRARY_PATH=${MOZ_DIST_BIN}:${MOZ_DIST_BIN}/components:${MRE_HOME}${LIBRARY_PATH+":$LIBRARY_PATH"} > +LIBRARY_PATH=${MOZ_DIST_BIN}:${MOZ_DIST_BIN}/components:${MRE_HOME}${LIBRARY_PATH:+":$LIBRARY_PATH"} > # > ## Set 
ADDON_PATH for BeOS > -ADDON_PATH=${MOZ_DIST_BIN}${ADDON_PATH+":$ADDON_PATH"} > +ADDON_PATH=${MOZ_DIST_BIN}${ADDON_PATH:+":$ADDON_PATH"} > # > ## Solaris Xserver(Xsun) tuning - use shared memory transport if available > if [ "$XSUNTRANSPORT" = "" ] > -- > http://gnuzilla.gnu.org -- http://gnuzilla.gnu.org
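
Review bot: ${MRE_HOME} is still expanded bare after a colon in the four LD_LIBRARY* assignments and in the SHLIB_PATH, LIBPATH, DYLD_LIBRARY_PATH and LIBRARY_PATH lines, so an empty or unset MRE_HOME leaves a trailing empty element (or "::" once the inherited value is appended), which is the same current-directory lookup the switch to ":+" removes for the inherited variable. Nothing in this hunk shows MRE_HOME being checked for non-empty before these lines; if it can be empty, guard it the same way, for example ${MOZ_DIST_BIN}/plugins${MRE_HOME:+":$MRE_HOME"}. Separately, an inherited value that already contains an empty element (a leading or trailing colon) is appended unchanged by both the old and the new form, which is worth a comment in the script if that is intended.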
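
The difference between the two expansion forms discussed in the message above, as an added example that is not part of the original thread or of IceCat's run-icecat.sh. The directory values and the function names are constructed for the demonstration.

```shell
#!/bin/sh
# Added example (not IceCat code): compares the two expansion forms from the
# patch for each state of the inherited LD_LIBRARY_PATH. Directory names are
# constructed sample values.

DIST=/opt/example/icecat      # stands in for MOZ_DIST_BIN
MRE=/opt/example/mre          # stands in for MRE_HOME

# Pre-patch form: ${VAR+word} expands word when VAR is set, even if empty.
build_old() {
    p=$DIST:$DIST/plugins:$MRE${LD_LIBRARY_PATH+":$LD_LIBRARY_PATH"}
    printf '%s\n' "$p"
}

# Patched form: ${VAR:+word} expands word only when VAR is set and non-empty.
build_new() {
    p=$DIST:$DIST/plugins:$MRE${LD_LIBRARY_PATH:+":$LD_LIBRARY_PATH"}
    printf '%s\n' "$p"
}

# Succeeds when a colon-separated list has an empty element (leading colon,
# trailing colon or "::"), the case the post says makes the loader search cwd.
has_empty_element() {
    case $1 in
        :*|*:|*::*) return 0 ;;
        *) return 1 ;;
    esac
}

# verdict FORM STATE: print "cwd" or "safe" for build_old/build_new when the
# inherited variable is unset, empty, or set to the given value.
verdict() {
    (
        case $2 in
            unset) unset LD_LIBRARY_PATH ;;
            empty) LD_LIBRARY_PATH= ;;
            *)     LD_LIBRARY_PATH=$2 ;;
        esac
        if has_empty_element "$("build_$1")"; then echo cwd; else echo safe; fi
    )
}

for state in unset empty /opt/example/lib /opt/example/lib:; do
    printf '%-18s old=%s new=%s\n' "$state" "$(verdict old "$state")" "$(verdict new "$state")"
done
```

Only the set-but-empty state separates the two forms; an inherited value that itself ends in a colon is passed through by both.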
