diff options
author | Anders Kaseorg <andersk@mit.edu> | 2021-11-04 16:14:48 -0700 |
---|---|---|
committer | Anders Kaseorg <andersk@mit.edu> | 2021-11-04 16:15:05 -0700 |
commit | e12f4db55640401ff06749231a4f4ffcef9a7269 (patch) | |
tree | 457adf28c44553cc6c401a0acf278c06b2ad333b /doc | |
parent | b67e752c29f18a0ca5534a07661366d6a2c2e649 (diff) | |
download | nixlib-e12f4db55640401ff06749231a4f4ffcef9a7269.tar nixlib-e12f4db55640401ff06749231a4f4ffcef9a7269.tar.gz nixlib-e12f4db55640401ff06749231a4f4ffcef9a7269.tar.bz2 nixlib-e12f4db55640401ff06749231a4f4ffcef9a7269.tar.lz nixlib-e12f4db55640401ff06749231a4f4ffcef9a7269.tar.xz nixlib-e12f4db55640401ff06749231a4f4ffcef9a7269.tar.zst nixlib-e12f4db55640401ff06749231a4f4ffcef9a7269.zip |
treewide: Fix unsafe concatenation of $LD_LIBRARY_PATH, round 2
Naive concatenation of $LD_LIBRARY_PATH can result in an empty colon-delimited segment; this tells glibc to load libraries from the current directory, which is definitely wrong, and may be a security vulnerability if the current directory is untrusted. (See #67234, for example.) Fix this throughout the tree. Followup to #76804. Fixes #144646. Signed-off-by: Anders Kaseorg <andersk@mit.edu>
Diffstat (limited to 'doc')
-rw-r--r-- | doc/using/overlays.chapter.md | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/doc/using/overlays.chapter.md b/doc/using/overlays.chapter.md index d2e3b49a6aa9..df152bc14e7b 100644 --- a/doc/using/overlays.chapter.md +++ b/doc/using/overlays.chapter.md @@ -112,7 +112,7 @@ self: super: This overlay uses Intel's MKL library for both BLAS and LAPACK interfaces. Note that the same can be accomplished at runtime using `LD_LIBRARY_PATH` of `libblas.so.3` and `liblapack.so.3`. For instance: ```ShellSession -$ LD_LIBRARY_PATH=$(nix-build -A mkl)/lib:$LD_LIBRARY_PATH nix-shell -p octave --run octave +$ LD_LIBRARY_PATH=$(nix-build -A mkl)/lib${LD_LIBRARY_PATH:+:}$LD_LIBRARY_PATH nix-shell -p octave --run octave ``` Intel MKL requires an `openmp` implementation when running with multiple processors. By default, `mkl` will use Intel's `iomp` implementation if no other is specified, but this is a runtime-only dependency and binary compatible with the LLVM implementation. To use that one instead, Intel recommends users set it with `LD_PRELOAD`. Note that `mkl` is only available on `x86_64-linux` and `x86_64-darwin`. Moreover, Hydra is not building and distributing pre-compiled binaries using it. |