From a4e92ad2723a9c33c029f90f8a2af054bf74e1ce Mon Sep 17 00:00:00 2001 From: Drew DeVault Date: Fri, 2 Dec 2016 10:23:30 -0500 Subject: Deal with LD_LIBRARY_PATH --- sway/main.c | 4 +++- sway/sway-security.7.txt | 3 +++ 2 files changed, 6 insertions(+), 1 deletion(-) (limited to 'sway') diff --git a/sway/main.c b/sway/main.c index 1db88da2..9746cfb2 100644 --- a/sway/main.c +++ b/sway/main.c @@ -220,7 +220,9 @@ int main(int argc, char **argv) { " --get-socketpath Gets the IPC socket path and prints it, then exits.\n" "\n"; - unsetenv("LD_PRELOAD"); // Security + // Security: + unsetenv("LD_PRELOAD"); + setenv("LD_LIBRARY_PATH", _LD_LIBRARY_PATH, 1); int c; while (1) { diff --git a/sway/sway-security.7.txt b/sway/sway-security.7.txt index 451f7b88..b6f18e80 100644 --- a/sway/sway-security.7.txt +++ b/sway/sway-security.7.txt @@ -62,6 +62,9 @@ compromised by LD_PRELOAD. It probably isn't, but you can be sure by setting permit LD_PRELOAD for it (and will also run it as root, which sway will shortly drop). You could also statically link sway itself. +Note that LD_LIBRARY_PATH has all of the same problems, and all of the same +solutions. + Read your log ------------- -- cgit v1.2.3