Torch probably doesn't even need to set LD_LIBRARY_PATH. If LD_LIBRARY_PATH is only being set so that binaries distributed by torch work, then I'd strongly suggest they use RUNPATH instead with $ORIGIN.<p>There are examples in various places:<p><a href="https://enchildfone.wordpress.com/2010/03/23/a-description-of-rpath-origin-ld_library_path-and-portable-linux-binaries/" rel="nofollow">https://enchildfone.wordpress.com/2010/03/23/a-description-o...</a>
<a href="http://man7.org/linux/man-pages/man8/ld.so.8.html" rel="nofollow">http://man7.org/linux/man-pages/man8/ld.so.8.html</a>
<a href="http://longwei.github.io/rpath_origin/" rel="nofollow">http://longwei.github.io/rpath_origin/</a><p>LD_LIBRARY_PATH is really only for a developer's local use; it should never be used for installed software.<p>Disclaimer: may not apply in some scenarios, I haven't used Torch, so this is merely a general observation.
How to safely prepend a directory to a PATH-like variable (in any POSIX-compliant shell):<p>export LD_LIBRARY_PATH=/opt/whatever/lib${LD_LIBRARY_PATH:+:$LD_LIBRARY_PATH}<p>Pull request sent to <a href="https://github.com/torch/distro/pull/228" rel="nofollow">https://github.com/torch/distro/pull/228</a>.
More concerning to me is that ld.so will interpret a trailing `:` in LD_LIBRARY_PATH to mean to include PWD.<p>Where is this documented? It's not indicated in ld.so's manpage:<p><a href="http://man7.org/linux/man-pages/man8/ld.so.8.html" rel="nofollow">http://man7.org/linux/man-pages/man8/ld.so.8.html</a><p>Sounds like a bug in GNU's ld.so more than anything.
Buried in there is "Torch machine learning library", which then allowed me to figure out what software was being blamed. <a href="http://torch.ch/" rel="nofollow">http://torch.ch/</a>
On most modern Mac OS installations, this is a non-issue. System Integrity Protection doesn't honor any changes to LD_LIBRARY_PATH, presumably for exactly this sort of reason. (Of course, one might have turned off SIP, in which case this is no longer true, but it's nice to know it's the default).
on a similar note, this (having '.' or $(pwd) on LD_LIBRARY_PATH) also broke the `ls` command (and a bunch of other stuff) in the TeamWin Recovery Project (TWRP) recovery on mobile devices when you were in `/system/lib` on a 64-bit machine.<p><a href="https://github.com/omnirom/android_bootable_recovery/commit/9c3b7e990e162319cb379545b458838478a19eb0" rel="nofollow">https://github.com/omnirom/android_bootable_recovery/commit/...</a>
Why is torchs install so weird? Why can't it use standard package management, and why does it need to install to my home directory? I'm not surprised to see it causes security issues.