When I want to build glibc using the provided configure script (./configure --prefix=xxx),
I saw the following error message:
configure: error: *** LD_LIBRARY_PATH shouldn’t contain the current directory when *** building glibc. Please change the environment variable *** and run configure again.
How could my LD_LIBRARY_PATH contains the current directory? Upon inspecting
the env variable, I see a spurious :: inside the value of LD_LIBRARY_PATH,
which means an empty item. An empty item is interpreted by ld as the current
working directory. As a result, as a result, ld may load library from the
current working directory, causing unintended effects, or even security
vulnerability if an attacker puts some harmful library in the current
directory.
The :: in my LD_LIBRARY_PATH is caused by the initial empty LD_LIBRARY_PATH.
For example, if we use export LD_LIBRARY_PATH=/home/xxx/local/lib: $LD_LIBRARY_PATH while LD_LIBRARY_PATH is empty, it actually becomes
/home/xxx/local/lib:.
To fix this issue, we need to check if the value of LD_LIBRARY_PATH is empty
before using it:
if [-z $LD_LIBRARY_PATH]; then
export LD_LIBRARY_PATH=/home/xxx/local/lib
else
export LD_LIBRARY_PATH=/home/xxx/local/lib:$LD_LIBRARY_PATH
fi