From cf0d1eba9c59e0f670987f106ab9e27efa756964 Mon Sep 17 00:00:00 2001 From: Mike Blumenkrantz Date: Mon, 29 Feb 2016 08:23:59 -0500 Subject: [PATCH] remove security hole in e_start_main if a file called ~/.e-mtrack existed then during startup the launcher would read the first line of this file and set LD_PRELOAD to that value CID 1039785 --- src/bin/e_start_main.c | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/src/bin/e_start_main.c b/src/bin/e_start_main.c index 90130b85a..999693f69 100644 --- a/src/bin/e_start_main.c +++ b/src/bin/e_start_main.c @@ -613,13 +613,13 @@ main(int argc, char **argv) } putchar('\n'); - /* mtrack memory tracker support */ home = getenv("HOME"); if (home) { - FILE *f; const char *tmps; - +#if 0 + FILE *f; + /* mtrack memory tracker support */ /* if you have ~/.e-mtrack, then the tracker will be enabled * using the content of this file as the path to the mtrack.so * shared object that is the mtrack preload */ @@ -643,7 +643,7 @@ main(int argc, char **argv) } fclose(f); } - +#endif tmps = getenv("XDG_DATA_HOME"); if (tmps) snprintf(buf, sizeof(buf), "%s/Applications/.bin", tmps);