Hi,

Here it is. Please edit it as you see fit.

* browser/branding/unofficial/run-icecat.sh: Fix insecure LD_LIBRARY_PATH, patch by Hayawardh Vijayakumar <[email protected]>

Thanks,
Hayawardh

On Wed, Jun 1, 2011 at 3:19 AM, Giuseppe Scrivano <[email protected]> wrote:
> Thanks, the patch looks fine. Can you please also provide the ChangeLog
> file entry?
>
> Cheers,
> Giuseppe
>
> Hayawardh V <[email protected]> writes:
>
> > Hi,
> >
> > I am attaching a patch for the same.
> > Please keep me updated on the course of action regarding this.
> >
> > Thanks,
> > Hayawardh
> >
> > On Mon, May 30, 2011 at 7:22 PM, Hayawardh V <[email protected]>
> > wrote:
> >
> > Hi,
> >
> > In run-icecat.sh in the latest icecat svn are lines such as :
> > LD_LIBRARY_PATH=${MOZ_DIST_BIN}:${MOZ_DIST_BIN}/plugins:$
> > {MRE_HOME}${LD_LIBRARY_PATH+":$LD_LIBRARY_PATH"}
> >
> > Note that this insecure LD_LIBRARY_PATH would lead icecat to
> > search in the current working directory for libraries. If
> > malicious libraries are, for example, downloaded off the Internet,
> > then those would be loaded instead.
> >
> > This can be simply fixed as follows (note the : following
> > LD_LIBRARY_PATH):
> >
> > LD_LIBRARY_PATH=${MOZ_DIST_BIN}:${MOZ_DIST_BIN}/plugins:$
> > {MRE_HOME}${LD_LIBRARY_PATH:+":$LD_LIBRARY_PATH"}
> >
> > It seems similar to the issue that Firefox had a few months before
> > :
> > https://bugzilla.mozilla.org/show_bug.cgi?id=590753
> >
> > Thanks,
> > Hayawardh
> >
> > --- run-icecat.sh.orig 2011-05-30 14:16:14.000000000 -0400 > > +++ run-icecat.sh 2011-05-30 19:39:03.000000000 -0400 
> > @@ -310,36 +310,36 @@ > > } > > if moz_should_set_ld_library_path > > then > > - > LD_LIBRARY_PATH=${MOZ_DIST_BIN}:${MOZ_DIST_BIN}/plugins:${MRE_HOME}${LD_LIBRARY_PATH+":$LD_LIBRARY_PATH"} > > + > LD_LIBRARY_PATH=${MOZ_DIST_BIN}:${MOZ_DIST_BIN}/plugins:${MRE_HOME}${LD_LIBRARY_PATH:+":$LD_LIBRARY_PATH"} > > fi > > > > if [ -n "$LD_LIBRARYN32_PATH" ] > > then > > - > LD_LIBRARYN32_PATH=${MOZ_DIST_BIN}:${MOZ_DIST_BIN}/plugins:${MRE_HOME}${LD_LIBRARYN32_PATH+":$LD_LIBRARYN32_PATH"} > > + > LD_LIBRARYN32_PATH=${MOZ_DIST_BIN}:${MOZ_DIST_BIN}/plugins:${MRE_HOME}${LD_LIBRARYN32_PATH:+":$LD_LIBRARYN32_PATH"} > > fi > > if [ -n "$LD_LIBRARYN64_PATH" ] > > then > > - > LD_LIBRARYN64_PATH=${MOZ_DIST_BIN}:${MOZ_DIST_BIN}/plugins:${MRE_HOME}${LD_LIBRARYN64_PATH+":$LD_LIBRARYN64_PATH"} > > + > LD_LIBRARYN64_PATH=${MOZ_DIST_BIN}:${MOZ_DIST_BIN}/plugins:${MRE_HOME}${LD_LIBRARYN64_PATH:+":$LD_LIBRARYN64_PATH"} > > fi > > if [ -n "$LD_LIBRARY_PATH_64" ]; then > > - > LD_LIBRARY_PATH_64=${MOZ_DIST_BIN}:${MOZ_DIST_BIN}/plugins:${MRE_HOME}${LD_LIBRARY_PATH_64+":$LD_LIBRARY_PATH_64"} > > + > LD_LIBRARY_PATH_64=${MOZ_DIST_BIN}:${MOZ_DIST_BIN}/plugins:${MRE_HOME}${LD_LIBRARY_PATH_64:+":$LD_LIBRARY_PATH_64"} > > fi > > # > > # > > ## Set SHLIB_PATH for HPUX > > -SHLIB_PATH=${MOZ_DIST_BIN}:${MRE_HOME}${SHLIB_PATH+":$SHLIB_PATH"} > > +SHLIB_PATH=${MOZ_DIST_BIN}:${MRE_HOME}${SHLIB_PATH:+":$SHLIB_PATH"} > > # > > ## Set LIBPATH for AIX > > -LIBPATH=${MOZ_DIST_BIN}:${MRE_HOME}${LIBPATH+":$LIBPATH"} > > +LIBPATH=${MOZ_DIST_BIN}:${MRE_HOME}${LIBPATH:+":$LIBPATH"} > > # > > ## Set DYLD_LIBRARY_PATH for Mac OS X (Darwin) > > > -DYLD_LIBRARY_PATH=${MOZ_DIST_BIN}:${MRE_HOME}${DYLD_LIBRARY_PATH+":$DYLD_LIBRARY_PATH"} > > > +DYLD_LIBRARY_PATH=${MOZ_DIST_BIN}:${MRE_HOME}${DYLD_LIBRARY_PATH:+":$DYLD_LIBRARY_PATH"} > > # > > ## Set LIBRARY_PATH for BeOS > > > -LIBRARY_PATH=${MOZ_DIST_BIN}:${MOZ_DIST_BIN}/components:${MRE_HOME}${LIBRARY_PATH+":$LIBRARY_PATH"} > > > 
+LIBRARY_PATH=${MOZ_DIST_BIN}:${MOZ_DIST_BIN}/components:${MRE_HOME}${LIBRARY_PATH:+":$LIBRARY_PATH"} > > # > > ## Set ADDON_PATH for BeOS > > -ADDON_PATH=${MOZ_DIST_BIN}${ADDON_PATH+":$ADDON_PATH"} > > +ADDON_PATH=${MOZ_DIST_BIN}${ADDON_PATH:+":$ADDON_PATH"} > > # > > ## Solaris Xserver(Xsun) tuning - use shared memory transport if > available > > if [ "$XSUNTRANSPORT" = "" ] > > -- > > http://gnuzilla.gnu.org >
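Review bot: the `${MRE_HOME}` element is still appended unconditionally in the LD_LIBRARY_PATH, LD_LIBRARYN32_PATH, LD_LIBRARYN64_PATH, LD_LIBRARY_PATH_64, SHLIB_PATH, LIBPATH, DYLD_LIBRARY_PATH and LIBRARY_PATH assignments, so if MRE_HOME is unset or empty the value still ends in `:` (or contains `::` when an inherited path follows), which is the same empty entry this patch removes. The hunk does not show where MRE_HOME is set; if it can be empty, write the element as `${MRE_HOME:+":$MRE_HOME"}` and drop the literal colon in front of it. Separately, the three blocks guarded by `[ -n ... ]` already require a non-empty value, so the `:+` change there is a consistency fix rather than a behavioural one.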
-- http://gnuzilla.gnu.org
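
The difference between the two expansions described in the original report, as an added shell example that is not part of the thread or of run-icecat.sh. `DIRS`, `INHERITED` and the function names are illustrative, and the directory values are constructed.

```shell
#!/bin/sh
# Added example. DIRS is a constructed stand-in for the launcher's own
# directories; INHERITED stands in for the caller's LD_LIBRARY_PATH.
DIRS=/opt/icecat:/opt/icecat/plugins

# Original form: ${VAR+word} expands to word whenever VAR is set, even to "".
join_plus() {
    joined=$1${INHERITED+":$INHERITED"}
    printf '%s\n' "$joined"
}

# Patched form: ${VAR:+word} expands to word only if VAR is set and non-empty.
join_colon_plus() {
    joined=$1${INHERITED:+":$INHERITED"}
    printf '%s\n' "$joined"
}

# Succeeds if a colon-separated search path has an empty entry (leading ':',
# trailing ':' or '::'), the case the report says makes the loader search the
# current working directory.
has_empty_entry() {
    case $1 in
        :*|*:|*::*) return 0 ;;
        *)          return 1 ;;
    esac
}

# Print both forms for one state of the inherited variable.
report() {
    for form in join_plus join_colon_plus; do
        path=$($form "$DIRS")
        if has_empty_entry "$path"; then verdict='EMPTY ENTRY (cwd searched)'
        else verdict=ok; fi
        printf '%-10s %-16s %-44s %s\n' "$1" "$form" "$path" "$verdict"
    done
}

# Walk the three states the caller's variable can be in.
unset INHERITED;        report unset
INHERITED='';           report set-empty
INHERITED=/usr/lib/foo; report non-empty
```

Only the set-but-empty state separates the two forms: the original leaves a trailing colon, the patched one does not.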
