• Oswald Buddenhagen's avatar
    fix security hole: don't add an empty element to LD_LIBRARY_PATH · 3c00715c
    Oswald Buddenhagen authored
    if LD_LIBRARY_PATH was empty, the wrapper script would add the empty
    element to the path.
    
    > The trailing colon is treated by ld.so as another item on the list,
    > and empty items are treated as '.' (CWD). Therefore, if a user
    > executes qtcreator from a directory where there's a library that would
    > have normally been loaded from the standard library paths the local
    > library would be loaded instead.
    > This has the potential effect of arbitrary code execution.
    
    Reviewed-by: thiago
    Task-number: CVE-2010-3374
    3c00715c
Name
Last commit
Last update
bin Loading commit data...
dist Loading commit data...
doc Loading commit data...
scripts Loading commit data...
share Loading commit data...
src Loading commit data...
tests Loading commit data...
.gitignore Loading commit data...
HACKING Loading commit data...
LGPL_EXCEPTION.TXT Loading commit data...
LICENSE.LGPL Loading commit data...
README Loading commit data...
qtcreator.pri Loading commit data...
qtcreator.pro Loading commit data...