Date: Tue, 28 Sep 2010 18:42:05 -0500 From: Raphael Geissert <geissert@...ian.org> To: oss-security@...ts.openwall.com Subject: RFC: changing the behaviour of ld.so(8) regarding empty items on LD_LIBRARY_PATH Hi everyone, I have talked to one of the eglibc Debian maintainers about making ld.so ignore empty items on LD_LIBRARY_PATH instead of treating them as '.', and he doesn't have any objection. Although this is a behaviour change, I do not think there is any real case where an empty item was added in purpose (I even have yet to see one that uses '.'.) We are therefore considering making this change starting with our next stable release. What do the others think about it? do you think you would follow that change too? This change has been proposed by some people multiple times along the years, yet nothing has changed (not even properly discussed, I believe.) Has this change ever been proposed to glibc upstream? (maybe the RedHat people can help with this.) There is a similar issue with $PATH, but we have no plans for it so far (execvp(8) claims ":/bin:/usr/bin" is the default if $PATH is unset, in some setups.) Regards, -- Raphael Geissert - Debian Developer www.debian.org - get.debian.net
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.