Skip to main content
  1. Posts/

Empty Entry in LD_LIBRARY_PATH May Lead to Security Issues

··178 words·1 min·
Linux
Table of Contents

When I want to build glibc using the provided configure script (./configure --prefix=xxx), I saw the following error message:

configure: error: *** LD_LIBRARY_PATH shouldn’t contain the current directory when *** building glibc. Please change the environment variable *** and run configure again.

How could my LD_LIBRARY_PATH contains the current directory? Upon inspecting the env variable, I see a spurious :: inside the value of LD_LIBRARY_PATH, which means an empty item. An empty item is interpreted by ld as the current working directory. As a result, as a result, ld may load library from the current working directory, causing unintended effects, or even security vulnerability if an attacker puts some harmful library in the current directory.

The :: in my LD_LIBRARY_PATH is caused by the initial empty LD_LIBRARY_PATH. For example, if we use export LD_LIBRARY_PATH=/home/xxx/local/lib: $LD_LIBRARY_PATH while LD_LIBRARY_PATH is empty, it actually becomes /home/xxx/local/lib:.

To fix this issue, we need to check if the value of LD_LIBRARY_PATH is empty before using it:

if [-z $LD_LIBRARY_PATH]; then
  export LD_LIBRARY_PATH=/home/xxx/local/lib
else
  export LD_LIBRARY_PATH=/home/xxx/local/lib:$LD_LIBRARY_PATH
fi

References
#

Related

Fix Nvidia Apt Repository Public Key Error
·240 words·2 mins
Linux Ubuntu
Fuzzy-switching Tmux Sessions with Ease
··365 words·2 mins
Linux Tmux
Install LLVM/Clangd from Source on CentOS 7
··445 words·3 mins
Linux Clang C++