|
|
| Applications |
| Mailing Lists |
| Miscellaneous |
| Operating Systems |
| Programming |
Re: QA needed for insecure LD_LIBRARY_PATH in many wrapper scripts
Date: Tue Nov 20 2007 - 02:24:10 EST
- Stefan Fritsch (sf@debian.org) [071116 13:03]:
> is unset. (Actually, some scripts use "${LD_LIBRARY_PATH+:
> $LD_LIBRARY_PATH}", which seems to work, too. But this is not
> documented in the bash man page, at least I can't find it.)
The difference between ${PARAMETER:+WORD} and ${PARAMETER+WORD} is subtle, and you're right, it's not documented in the bash man page. It is part of the POSIX shell standard, though. ${PARAMETER:+WORD} substitutes WORD if PARAMETER is set and non-empty. ${PARAMETER+WORD} substitutes WORD if PARAMETER is set, empty or not. For example:
vineet@sprocket:~$ FOO=
vineet@sprocket:~$ echo ${FOO+BAR}
BAR
vineet@sprocket:~$ echo ${FOO:+BAR}
vineet@sprocket:~$ unset FOO
vineet@sprocket:~$ echo ${FOO+BAR}
vineet@sprocket:~$ echo ${FOO:+BAR}
vineet@sprocket:~$
In many cases they'll be equivalent, but in the LD_LIBRARY_PATH case, I'd recommend using the colon-form. If someone has set an empty LD_LIBRARY_PATH, the correct behavior is just to add the directory you want; you don't want to stick an extra empty pathname component in there.
good times,
Vineet
-- http://www.doorstop.net/ -- "As we enjoy great advantages from inventions of others, we should be glad of an opportunity to serve others by any invention of ours; and this we should do freely and generously." --Benjamin Franklin
-- To UNSUBSCRIBE, email to debian-security-REQUEST@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
- application/pgp-signature attachment: Digital signature
This archive was generated by hypermail 2.1.8 : Wed Mar 19 2008 - 06:54:17 EDT
|
Contact Us Legal Notices Order Services Online Pantek Home Privacy Policy IT news Site Map Pantek Library |