1. 34

  2. 6

    Normal/idiomatic installer behavior is to add a file to /etc/ld.so.conf.d/ indicating the path to your new shared object, and/or using rpath and $ORIGIN.

    Setting LD_LIBRARY_PATH / LD_PRELOAD should ordinarily be reserved for individual developers doing specific experiments, or perhaps virtualenv-style environments.

    1. 5

      Interesting read, although it leaves out several key pieces of information. Like just what is “torch”? Looks like it is this. And why not link to binwalk while you’re at it?

      But yeah, it’s a bad idea to set someone else’s LD_LIBRARY_PATH. Torch should have provided a shell script that sets it just for itself when invoked (that’s how we do it). But I never knew that about the trailing ‘:’!

      1. 1

        This is why I rather put the existing variable as a prefix, instead of suffix.

        1. 3

          Which does absolutely nothing. An empty element is treated as . regardless of whether it’s first or last or in the middle.

          1. 1

            Is there any simple way to avoid leaving any leading or trailing :? This isn’t as simple as I’d like:

            LD_LIBRARY_PATH=$(sh -c 'IFS=:; echo "$*"' -- $LD_LIBRARY_PATH EXTRA PATHS)

            1. 6


              See Single Unix Specification, 2.6.2 Shell Command Language → Word Expansions → Parameter expansion.

              ${parameter:+word}: substitute word if parameter is set and not null, null otherwise.

        2. 2

          The question is, did the author contract upstream to, you know, report this security bug? :P

          1. 0

            If you bypass your distro’s package manager, you get what you deserve.

            1. 6

              But millions of eyeballs have already verified this code is fine.

              1. 3

                That is such an unfounded and opinion-based statement that it could be seen as religious.

                1. 1

                  unfounded and opinion-based

                  I maintain my own Gentoo overlay just so I don’t have to increase the complexity of my distro with additional package managers: https://github.com/stefantalpalaru/gentoo-overlay

                  What exactly do you base your own opinion on?