From a4e92ad2723a9c33c029f90f8a2af054bf74e1ce Mon Sep 17 00:00:00 2001 From: Drew DeVault Date: Fri, 2 Dec 2016 10:23:30 -0500 Subject: [PATCH] Deal with LD_LIBRARY_PATH --- CMakeLists.txt | 3 +++ sway/main.c | 4 +++- sway/sway-security.7.txt | 3 +++ 3 files changed, 9 insertions(+), 1 deletion(-) diff --git a/CMakeLists.txt b/CMakeLists.txt index 83989ecd..cd816e9b 100644 --- a/CMakeLists.txt +++ b/CMakeLists.txt @@ -48,6 +48,9 @@ option(enable-gdk-pixbuf "Use Pixbuf to support more image formats" YES) option(enable-binding-event "Enables binding event subscription" YES) option(zsh-completions "Zsh shell completions" NO) option(default-wallpaper "Installs the default wallpaper" YES) +option(ld-library-path "Configures sway's default LD_LIBRARY_PATH" "/usr/lib") + +add_definitions(-D_LD_LIBRARY_PATH="${ld-library-path}") find_package(JsonC REQUIRED) find_package(PCRE REQUIRED) diff --git a/sway/main.c b/sway/main.c index 1db88da2..9746cfb2 100644 --- a/sway/main.c +++ b/sway/main.c @@ -220,7 +220,9 @@ int main(int argc, char **argv) { " --get-socketpath Gets the IPC socket path and prints it, then exits.\n" "\n"; - unsetenv("LD_PRELOAD"); // Security + // Security: + unsetenv("LD_PRELOAD"); + setenv("LD_LIBRARY_PATH", _LD_LIBRARY_PATH, 1); int c; while (1) { diff --git a/sway/sway-security.7.txt b/sway/sway-security.7.txt index 451f7b88..b6f18e80 100644 --- a/sway/sway-security.7.txt +++ b/sway/sway-security.7.txt @@ -62,6 +62,9 @@ compromised by LD_PRELOAD. It probably isn't, but you can be sure by setting permit LD_PRELOAD for it (and will also run it as root, which sway will shortly drop). You could also statically link sway itself. +Note that LD_LIBRARY_PATH has all of the same problems, and all of the same +solutions. + Read your log -------------