Thanks again for the patch! I have just committed it.

Cheers,
Giuseppe

Hayawardh V <[email protected]> writes:

> Hi,
>
> Here it is. Please edit it as you see fit.
>
> * browser/branding/unofficial/run-icecat.sh: Fix insecure
> LD_LIBRARY_PATH, patch by Hayawardh Vijayakumar <[email protected]>
>
> Thanks,
> Hayawardh
>
> On Wed, Jun 1, 2011 at 3:19 AM, Giuseppe Scrivano <[email protected]> wrote:
>
> Thanks, the patch looks fine. Can you please also provide the ChangeLog
> file entry?
>
> Cheers,
> Giuseppe
>
> Hayawardh V <[email protected]> writes:
>
> > Hi,
> >
> > I am attaching a patch for the same.
> > Please keep me updated on the course of action regarding this.
> >
> > Thanks,
> > Hayawardh
> >
> > On Mon, May 30, 2011 at 7:22 PM, Hayawardh V <[email protected]> wrote:
> >
> > Hi,
> >
> > In run-icecat.sh in the latest icecat svn are lines such as:
> > LD_LIBRARY_PATH=${MOZ_DIST_BIN}:${MOZ_DIST_BIN}/plugins:${MRE_HOME}${LD_LIBRARY_PATH+":$LD_LIBRARY_PATH"}
> >
> > Note that this insecure LD_LIBRARY_PATH would lead icecat to
> > search in the current working directory for libraries. If
> > malicious libraries are, for example, downloaded off the Internet,
> > then those would be loaded instead.
> >
> > This can be simply fixed as follows (note the : following
> > LD_LIBRARY_PATH):
> >
> > LD_LIBRARY_PATH=${MOZ_DIST_BIN}:${MOZ_DIST_BIN}/plugins:${MRE_HOME}${LD_LIBRARY_PATH:+":$LD_LIBRARY_PATH"}
> >
> > It seems similar to the issue that Firefox had a few months before:
> > https://bugzilla.mozilla.org/show_bug.cgi?id=590753
> >
> > Thanks,
> > Hayawardh
> >
> > --- run-icecat.sh.orig 2011-05-30 14:16:14.000000000 > -0400 > > +++ run-icecat.sh 2011-05-30 19:39:03.000000000 -0400 
> > @@ -310,36 +310,36 @@ > > } > > if moz_should_set_ld_library_path > > then > > - LD_LIBRARY_PATH=${MOZ_DIST_BIN}:${MOZ_DIST_BIN}/plugins:$ > {MRE_HOME}${LD_LIBRARY_PATH+":$LD_LIBRARY_PATH"} > > + LD_LIBRARY_PATH=${MOZ_DIST_BIN}:${MOZ_DIST_BIN}/plugins:$ > {MRE_HOME}${LD_LIBRARY_PATH:+":$LD_LIBRARY_PATH"} > > fi > > > > if [ -n "$LD_LIBRARYN32_PATH" ] > > then > > - LD_LIBRARYN32_PATH=${MOZ_DIST_BIN}:$ > {MOZ_DIST_BIN}/plugins:${MRE_HOME}$ > {LD_LIBRARYN32_PATH+":$LD_LIBRARYN32_PATH"} > > + LD_LIBRARYN32_PATH=${MOZ_DIST_BIN}:$ > {MOZ_DIST_BIN}/plugins:${MRE_HOME}$ > {LD_LIBRARYN32_PATH:+":$LD_LIBRARYN32_PATH"} > > fi > > if [ -n "$LD_LIBRARYN64_PATH" ] > > then > > - LD_LIBRARYN64_PATH=${MOZ_DIST_BIN}:$ > {MOZ_DIST_BIN}/plugins:${MRE_HOME}$ > {LD_LIBRARYN64_PATH+":$LD_LIBRARYN64_PATH"} > > + LD_LIBRARYN64_PATH=${MOZ_DIST_BIN}:$ > {MOZ_DIST_BIN}/plugins:${MRE_HOME}$ > {LD_LIBRARYN64_PATH:+":$LD_LIBRARYN64_PATH"} > > fi > > if [ -n "$LD_LIBRARY_PATH_64" ]; then > > - LD_LIBRARY_PATH_64=${MOZ_DIST_BIN}:$ > {MOZ_DIST_BIN}/plugins:${MRE_HOME}$ > {LD_LIBRARY_PATH_64+":$LD_LIBRARY_PATH_64"} > > + LD_LIBRARY_PATH_64=${MOZ_DIST_BIN}:$ > {MOZ_DIST_BIN}/plugins:${MRE_HOME}$ > {LD_LIBRARY_PATH_64:+":$LD_LIBRARY_PATH_64"} > > fi > > # > > # > > ## Set SHLIB_PATH for HPUX > > -SHLIB_PATH=${MOZ_DIST_BIN}:${MRE_HOME}$ > {SHLIB_PATH+":$SHLIB_PATH"} > > +SHLIB_PATH=${MOZ_DIST_BIN}:${MRE_HOME}$ > {SHLIB_PATH:+":$SHLIB_PATH"} > > # > > ## Set LIBPATH for AIX > > -LIBPATH=${MOZ_DIST_BIN}:${MRE_HOME}${LIBPATH+":$LIBPATH"} > > +LIBPATH=${MOZ_DIST_BIN}:${MRE_HOME}${LIBPATH:+":$LIBPATH"} > > # > > ## Set DYLD_LIBRARY_PATH for Mac OS X (Darwin) > > -DYLD_LIBRARY_PATH=${MOZ_DIST_BIN}:${MRE_HOME}$ > {DYLD_LIBRARY_PATH+":$DYLD_LIBRARY_PATH"} > > +DYLD_LIBRARY_PATH=${MOZ_DIST_BIN}:${MRE_HOME}$ > {DYLD_LIBRARY_PATH:+":$DYLD_LIBRARY_PATH"} > > # > > ## Set LIBRARY_PATH for BeOS > > -LIBRARY_PATH=${MOZ_DIST_BIN}:${MOZ_DIST_BIN}/components:$ > {MRE_HOME}${LIBRARY_PATH+":$LIBRARY_PATH"} > > 
+LIBRARY_PATH=${MOZ_DIST_BIN}:${MOZ_DIST_BIN}/components:$ > {MRE_HOME}${LIBRARY_PATH:+":$LIBRARY_PATH"} > > # > > ## Set ADDON_PATH for BeOS > > -ADDON_PATH=${MOZ_DIST_BIN}${ADDON_PATH+":$ADDON_PATH"} > > +ADDON_PATH=${MOZ_DIST_BIN}${ADDON_PATH:+":$ADDON_PATH"} > > # > > ## Solaris Xserver(Xsun) tuning - use shared memory transport > if available > > if [ "$XSUNTRANSPORT" = "" ] > > -- > > http://gnuzilla.gnu.org > -- http://gnuzilla.gnu.org
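
Review bot: `${MRE_HOME}` is still expanded unguarded right after a colon in the LD_LIBRARY_PATH, LD_LIBRARYN32_PATH, LD_LIBRARYN64_PATH, LD_LIBRARY_PATH_64, SHLIB_PATH, LIBPATH, DYLD_LIBRARY_PATH and LIBRARY_PATH assignments, so if MRE_HOME is unset or empty the result keeps an empty element (a trailing `:` or a `::` before the inherited value), which is the same current-directory search the report describes for LD_LIBRARY_PATH. Suggest guarding it the same way as the tail, for example `${MRE_HOME:+":$MRE_HOME"}` in place of `:${MRE_HOME}`, or confirming earlier in the script that MRE_HOME is always non-empty at this point. Separately, the three blocks under `[ -n "$LD_LIBRARYN32_PATH" ]`, `[ -n "$LD_LIBRARYN64_PATH" ]` and `[ -n "$LD_LIBRARY_PATH_64" ]` already require a non-empty value, so `:+` changes nothing there; it is fine to keep for consistency, but the ChangeLog entry could mention that the fix also covers SHLIB_PATH, LIBPATH, DYLD_LIBRARY_PATH, LIBRARY_PATH and ADDON_PATH rather than LD_LIBRARY_PATH alone.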
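
The difference between the two expansions in the report above, as an added example that is not code from run-icecat.sh or the IceCat project. The names `build_old`, `build_new`, `has_empty_element` and `INHERITED`, and the paths `/opt/icecat` and `/usr/local/lib`, are hypothetical and constructed for illustration.

```shell
#!/bin/sh
# Added example with constructed values; not part of run-icecat.sh.
# INHERITED stands in for the caller's LD_LIBRARY_PATH, $1 for the fixed prefix.

# Old form: ${VAR+word} expands to word whenever VAR is set, even if it is "".
build_old() {
    out=$1${INHERITED+":$INHERITED"}
    printf '%s\n' "$out"
}

# Patched form: ${VAR:+word} expands to word only if VAR is set and non-empty.
build_new() {
    out=$1${INHERITED:+":$INHERITED"}
    printf '%s\n' "$out"
}

# Audit check: succeed (0) if a colon-separated search path has an empty
# element (leading ':', trailing ':' or '::'), the case the report says makes
# the current working directory part of the library search.
has_empty_element() {
    case "$1" in
        :*|*:|*::*) return 0 ;;
        *) return 1 ;;
    esac
}

# Show both forms for the three states the inherited variable can be in.
demo() {
    for state in unset empty set; do
        case $state in
            unset) unset INHERITED ;;
            empty) INHERITED= ;;
            set)   INHERITED=/usr/local/lib ;;   # constructed value
        esac
        for form in old new; do
            value=$("build_$form" /opt/icecat)
            if has_empty_element "$value"; then
                verdict='empty element: cwd is searched'
            else
                verdict='ok'
            fi
            printf '%-5s %-3s %-28s %s\n' "$state" "$form" "$value" "$verdict"
        done
    done
}

demo
```

Only the "empty" state differs between the two forms: the inherited variable is exported but has no value, which is easy to produce with a stray `export LD_LIBRARY_PATH=` in a profile script.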
