Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Date: Tue, 28 Sep 2010 18:42:05 -0500
From: Raphael Geissert <geissert@...ian.org>
To: oss-security@...ts.openwall.com
Subject: RFC: changing the behaviour of ld.so(8) regarding empty items on LD_LIBRARY_PATH

Hi everyone,

I have talked to one of the eglibc Debian maintainers about making ld.so 
ignore empty items on LD_LIBRARY_PATH instead of treating them as '.', and 
he doesn't have any objection.

Although this is a behaviour change, I do not think there is any real case 
where an empty item was added in purpose (I even have yet to see one that 
uses '.'.)
We are therefore considering making this change starting with our next 
stable release.

What do the others think about it? do you think you would follow that change 
too?

This change has been proposed by some people multiple times along the years, 
yet nothing has changed (not even properly discussed, I believe.) Has this 
change ever been proposed to glibc upstream? (maybe the RedHat people can 
help with this.)


There is a similar issue with $PATH, but we have no plans for it so far 
(execvp(8) claims ":/bin:/usr/bin" is the default if $PATH is unset, in some 
setups.)

Regards,
-- 
Raphael Geissert - Debian Developer
www.debian.org - get.debian.net


Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.