Re: QA needed for insecure LD_LIBRARY_PATH in many wrapper scripts

Vineet Kumar wrote:
> * Stefan Fritsch (sf@debian.org) [071116 13:03]:
>> is unset. (Actually, some scripts use "${LD_LIBRARY_PATH+:
>> $LD_LIBRARY_PATH}", which seems to work, too. But this is not
>> documented in the bash man page, at least I can't find it.)
>
> The difference between ${PARAMETER:+WORD} and ${PARAMETER+WORD} is
> subtle, and you're right, it's not documented in the bash man page.

>From the bash manpage:

       In each of the cases below, word is subject to tilde expansion, parame‐
       ter expansion, command substitution, and  arithmetic  expansion.   When
       not  performing substring expansion, bash tests for a parameter that is
       unset or null; omitting the colon results in a test only for a  parame‐
       ter that is unset.

But I agree that I would not have found it if I did not know what to search.

> It is part of the POSIX shell standard, though.

Yes, and posh has it. I prefer the formulation from the posh manpage:

       In the above modifiers, the : can be omitted, in which case the
       conditions only depend on name being set (as opposed to set and not
       null). [...]

  Vincent

-- 
Vincent Danjean       GPG key ID 0x9D025E87         vdanjean@debian.org
GPG key fingerprint: FC95 08A6 854D DB48 4B9A  8A94 0BF7 7867 9D02 5E87
Unofficial pacakges: 
http://www-id.imag.fr/~danjean/deb.html#package
APT repo:  deb 
http://perso.debian.org/~vdanjean/debian unstable main


-- 
To UNSUBSCRIBE, email to debian-security-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org