Re: bashims in debian/rules
Simon Kagedal:
> [someone Simon does not identify:]
> > So it's a good thing not rely on fixed paths for programs. I like the
> > suggestion for SHELL=`which bash` very much.
There is not so much of a problem with using a fixed path for a
program like bash which is also a script interpreter. They have to
have defined locations anyway, for #! lines. So, /bin/bash is
guaranteed to exist and we can use it. Are you sure that
SHELL=`which bash` doesn't cause it to be repeatedly evaluated ?
Also, I'm not sure I'd trust `which' so much. `which' &co frequently
have odd behaviours, and the user might have a `which' script which
doesn't something different.
> But isn't there a security problem with that? Someone could've put a
> hacked bash in your path or something...
<fx: extreme sarcasm>
Oh no ! Horror ! Why didn't we think of that ? Shit ! I must
remember that every time I type `ls' I should be typing `/bin/ls' in
case someone has put a hacked `ls' on my PATH ...
Seriously, you have obviously been reading too much about security
holes without understanding the complaints. PATH is only dangerous if
it is used by a privileged program when it came from an untrusted
environment. The debian/rules script has to trust the environment
anyway, and has no special privilege.
> (btw, isn't SHELL=bash the same? Make searches PATH itself,
> doesn't it?)
If it does then we should do SHELL=bash. Otherwise IMO we should do
SHELL=/bin/bash.
Ian.
--
TO UNSUBSCRIBE FROM THIS MAILING LIST: e-mail the word "unsubscribe" to
debian-devel-request@lists.debian.org .
Trouble? e-mail to templin@bucknell.edu .
Reply to: