gnome-shell in GNOME Shell 2.31.5 places a zero-length directory name in the LD_LIBRARY_PATH
Affects | Status | Importance | Assigned to | Milestone
---|---|---|---|---
gnome-shell (Ubuntu) | Won't Fix | Undecided | Unassigned |
Bug Description
gnome-shell in GNOME Shell 2.31.5 places a zero-length directory name in
the LD_LIBRARY_PATH, which allows local users to gain privileges via a
Trojan horse shared library in the current working directory.
The bug exists in src/gnome-shell.in in the following snippet.
232 pkgconfig = subprocess.
233 stdout=
234 mozjs_sdkdir = pkgconfig.
235 pkgconfig.wait()
236 if pkgconfig.
237 mozjs_libdir = re.sub(
238 if os.path.
239 env['LD_
If LD_LIBRARY_PATH is not set, you have an empty field in the LD_LIBRARY_PATH environment variable.
The patch for this would be as follows:
LD_LIBRARY_PATH = os.environ.get('LD_LIBRARY_PATH')
if LD_LIBRARY_PATH:
    env['LD_LIBRARY_PATH'] = os.environ.get('LD_LIBRARY_PATH', '') + ':' + mozjs_libdir
else:
    env['LD_LIBRARY_PATH'] = mozjs_libdir
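
As an added example (not code from gnome-shell or from this report), the Python sketch below puts the concatenation pattern described above next to an append helper that never produces a zero-length entry. It goes slightly beyond the proposed patch by also dropping empty entries inherited from the caller and rejecting relative directories; the function names and sample paths are assumptions made for illustration.

```python
import os


def empty_fields(value):
    """Indexes of zero-length entries in a colon-separated library path.

    The report's point: the loader resolves a zero-length entry against the
    current working directory. An unset or empty variable has no entries.
    """
    if not value:
        return []
    return [i for i, part in enumerate(value.split(":")) if part == ""]


def vulnerable_append(current, new_dir):
    """The concatenation pattern from the report: '' default, then ':' + dir."""
    return (current if current is not None else "") + ":" + new_dir


def safe_append(current, new_dir):
    """Append new_dir without ever emitting a zero-length or relative entry."""
    if not os.path.isabs(new_dir):
        raise ValueError("library directory must be an absolute path")
    # Assumption: inherited empty entries are dropped rather than preserved.
    parts = [p for p in (current or "").split(":") if p]
    parts.append(new_dir)
    return ":".join(parts)


if __name__ == "__main__":
    libdir = "/opt/example/lib"  # constructed sample path
    for current in (None, "", "/usr/local/lib", "/usr/local/lib:"):
        bad = vulnerable_append(current, libdir)
        good = safe_append(current, libdir)
        print(repr(current), "->", repr(bad), empty_fields(bad),
              "|", repr(good), empty_fields(good))
```

The same `empty_fields` check can be run over the environment of any launcher script to flag leading, trailing or doubled colons before a child process is started.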