diff options
-rw-r--r-- | CMakeLists.txt | 3 | ||||
-rw-r--r-- | sway/main.c | 4 | ||||
-rw-r--r-- | sway/sway-security.7.txt | 3 |
3 files changed, 9 insertions, 1 deletions
diff --git a/CMakeLists.txt b/CMakeLists.txt index 83989ecd..cd816e9b 100644 --- a/CMakeLists.txt +++ b/CMakeLists.txt | |||
@@ -48,6 +48,9 @@ option(enable-gdk-pixbuf "Use Pixbuf to support more image formats" YES) | |||
48 | option(enable-binding-event "Enables binding event subscription" YES) | 48 | option(enable-binding-event "Enables binding event subscription" YES) |
49 | option(zsh-completions "Zsh shell completions" NO) | 49 | option(zsh-completions "Zsh shell completions" NO) |
50 | option(default-wallpaper "Installs the default wallpaper" YES) | 50 | option(default-wallpaper "Installs the default wallpaper" YES) |
51 | option(ld-library-path "Configures sway's default LD_LIBRARY_PATH" "/usr/lib") | ||
52 | |||
53 | add_definitions(-D_LD_LIBRARY_PATH="${ld-library-path}") | ||
51 | 54 | ||
52 | find_package(JsonC REQUIRED) | 55 | find_package(JsonC REQUIRED) |
53 | find_package(PCRE REQUIRED) | 56 | find_package(PCRE REQUIRED) |
diff --git a/sway/main.c b/sway/main.c index 1db88da2..9746cfb2 100644 --- a/sway/main.c +++ b/sway/main.c | |||
@@ -220,7 +220,9 @@ int main(int argc, char **argv) { | |||
220 | " --get-socketpath Gets the IPC socket path and prints it, then exits.\n" | 220 | " --get-socketpath Gets the IPC socket path and prints it, then exits.\n" |
221 | "\n"; | 221 | "\n"; |
222 | 222 | ||
223 | unsetenv("LD_PRELOAD"); // Security | 223 | // Security: |
224 | unsetenv("LD_PRELOAD"); | ||
225 | setenv("LD_LIBRARY_PATH", _LD_LIBRARY_PATH, 1); | ||
224 | 226 | ||
225 | int c; | 227 | int c; |
226 | while (1) { | 228 | while (1) { |
diff --git a/sway/sway-security.7.txt b/sway/sway-security.7.txt index 451f7b88..b6f18e80 100644 --- a/sway/sway-security.7.txt +++ b/sway/sway-security.7.txt | |||
@@ -62,6 +62,9 @@ compromised by LD_PRELOAD. It probably isn't, but you can be sure by setting | |||
62 | permit LD_PRELOAD for it (and will also run it as root, which sway will shortly | 62 | permit LD_PRELOAD for it (and will also run it as root, which sway will shortly |
63 | drop). You could also statically link sway itself. | 63 | drop). You could also statically link sway itself. |
64 | 64 | ||
65 | Note that LD_LIBRARY_PATH has all of the same problems, and all of the same | ||
66 | solutions. | ||
67 | |||
65 | Read your log | 68 | Read your log |
66 | ------------- | 69 | ------------- |
67 | 70 | ||