On Fri, Oct 01, 2010 at 07:55:02PM +1000, Aníbal Monsalve Salazar wrote:
> On Thu, Sep 30, 2010 at 10:44:42AM +0900, Simon Horman wrote:
> >I received this through the Debian bug tracker.
> >It's not immediately clear to me what an appropriate fix would be.
>
> The following diff shows how I fixed "qtparted: CVE-2010-3375: insecure
> library loading" bug.
>
> -export LD_LIBRARY_PATH="$QTDIR/lib:$LD_LIBRARY_PATH" > > > +LD_LIBRARY_PATH=$( echo "$LD_LIBRARY_PATH" | sed "s/\s//g" ) > > > +if [ -n "$LD_LIBRARY_PATH" ] > > > +then > > > + export LD_LIBRARY_PATH="$QTDIR/lib:$LD_LIBRARY_PATH" > > > +else > > > + export LD_LIBRARY_PATH="$QTDIR/lib" > > > +fi > > > export PATH=/sbin:/usr/sbin:/bin:/usr/bin:$PATH
>
> Please note that if you also set PATH as above, you'll have to check
> $PATH before adding it with ":$PATH" to PATH.
>
> If $PATH is empty then ":$PATH" is equivalent to ":." and you don't want
> to add "." to the path search.
>
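Review bot: the added `if [ -n "$LD_LIBRARY_PATH" ]` test only covers a completely empty value. An inherited value with a leading or trailing colon, or a `::` in the middle, still carries an empty element into the exported path, and the loader searches the current directory for an empty element, so the old value should have its empty elements stripped before `$QTDIR/lib` is prepended. The `sed "s/\s//g"` line also deletes whitespace anywhere in the value, which silently rewrites any directory name that contains a space, and `\s` is a GNU sed extension; if the aim is to treat a whitespace-only value as empty, test for that rather than rewriting the value.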
Thanks Aníbal, poking a little further it seems that the problem has been addressed by the following recent upstream patch. Do you have any thoughts on it?

# HG changeset patch # User Dejan Muhamedagic <de...@hello-penguin.com> # Date 1284894558 -7200 # Node ID 2773e5850003fb90995a27811752224fde96c2b7 # Parent 9d67fff01b34e87b6a855f1ea9b8a8accb771680 Low: SAPDatabase,SAPInstance: improve LD_LIBRARY_PATH processing (bnc#640026) diff -r 9d67fff01b34 -r 2773e5850003 heartbeat/SAPDatabase --- a/heartbeat/SAPDatabase Thu Sep 16 09:48:04 2010 +0200 +++ b/heartbeat/SAPDatabase Sun Sep 19 13:09:18 2010 +0200 @@ -967,7 +967,8 @@ # as root user we need the library path to the SAP kernel to be able to call executables if [ `echo $LD_LIBRARY_PATH | grep -c "^$DIR_EXECUTABLE\>"` -eq 0 ]; then - LD_LIBRARY_PATH=$DIR_EXECUTABLE:$LD_LIBRARY_PATH; export LD_LIBRARY_PATH + LD_LIBRARY_PATH=$DIR_EXECUTABLE${LD_LIBRARY_PATH:+:}$LD_LIBRARY_PATH + export LD_LIBRARY_PATH fi sidadm="`echo $SID | tr [:upper:] [:lower:]`adm" diff -r 9d67fff01b34 -r 2773e5850003 heartbeat/SAPInstance --- a/heartbeat/SAPInstance Thu Sep 16 09:48:04 2010 +0200 +++ b/heartbeat/SAPInstance Sun Sep 19 13:09:18 2010 +0200 @@ -297,7 +297,8 @@ # as root user we need the library path to the SAP kernel to be able to call sapcontrol if [ `echo $LD_LIBRARY_PATH | grep -c "^$DIR_EXECUTABLE\>"` -eq 0 ]; then - LD_LIBRARY_PATH=$DIR_EXECUTABLE:$LD_LIBRARY_PATH; export LD_LIBRARY_PATH + LD_LIBRARY_PATH=$DIR_EXECUTABLE${LD_LIBRARY_PATH:+:}$LD_LIBRARY_PATH + export LD_LIBRARY_PATH fi sidadm="`echo $SID | tr [:upper:] [:lower:]`adm"
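Review bot: in both hunks (heartbeat/SAPDatabase and heartbeat/SAPInstance) the new `${LD_LIBRARY_PATH:+:}` drops the separator only when the old value is unset or empty; a non-empty inherited value that starts or ends with a colon, or contains `::`, is appended unchanged and still leaves an empty element, which the loader resolves to the current directory while the agent runs as root. Strip empty elements from the old value before appending it. The guard on the context line above the change, `grep -c "^$DIR_EXECUTABLE\>"`, also treats `$DIR_EXECUTABLE` as a regular expression and expands `$LD_LIBRARY_PATH` unquoted; a literal comparison such as `case "$LD_LIBRARY_PATH" in "$DIR_EXECUTABLE"|"$DIR_EXECUTABLE":*)` would avoid both.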
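The empty-element case discussed in this thread, as an added example that is not part of either patch or of any poster's message: a POSIX sh helper that prepends a directory to a colon-separated search path and drops every empty element from the old value, not only the fully empty case. The function name `prepend_search_path` and the sample directories are hypothetical.

```shell
#!/bin/sh
# Added example; prepend_search_path is a hypothetical helper name.
#
# prepend_search_path DIR OLDVALUE
#   Prints DIR followed by the elements of OLDVALUE, with
#     - empty elements removed (leading ':', trailing ':', '::'), since the
#       shell (PATH) and the dynamic loader (LD_LIBRARY_PATH) search the
#       current directory for an empty element;
#     - earlier copies of DIR removed, so DIR appears once, at the front.
#   Other elements are kept verbatim, including names containing spaces.
prepend_search_path() {
    _dir=$1
    _rest=$2
    _out=$_dir
    while [ -n "$_rest" ]; do
        case $_rest in
            *:*) _elem=${_rest%%:*}; _rest=${_rest#*:} ;;  # take first element
            *)   _elem=$_rest;       _rest= ;;             # last element
        esac
        if [ -z "$_elem" ]; then
            continue            # empty element: would mean "current directory"
        fi
        if [ "$_elem" = "$_dir" ]; then
            continue            # already placed at the front
        fi
        _out=$_out:$_elem
    done
    printf '%s\n' "$_out"
}

# Typical use (commented out so that sourcing this file changes nothing):
#   LD_LIBRARY_PATH=$(prepend_search_path "$QTDIR/lib" "$LD_LIBRARY_PATH")
#   export LD_LIBRARY_PATH
```

The helper leaves an explicit `.` or other relative element in place; it only removes the implicit current-directory entries that come from empty elements.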