
Re: all xterms



On Tue, Nov 02, 1999 at 07:05:20PM +0100, Tomasz Wegrzanowski was heard to say:
> You don't have to check the .c source. `configure' is a cause of problems.

  I think you mean 'configure.in'.  configure is just a script generated
automatically from configure.in, and that's the proper place to fix it. [1]

> It tries to find all these programs in the actual system and throws their paths
> into config.* files. Then it is compiled and they go both into the binary and
> into /etc/Muttrc (commented out here). Mutt works ok with simply `pgp' but
> it tries to run `/usr/bin/pgp'. You can override these settings both in
> `/etc/Muttrc' and `~/.muttrc'. But I think configure should be changed to
> not hardcode paths. But it is a 150k sh-script. This is a little problem.

  See above.  configure.in is small and I found the `problem' within seconds
of looking for it.  I'd be surprised if any maintainer accepted a patch which
tried to make things work better by directly modifying configure, since
(a) it's just the Wrong Thing To Do and (b) it would be clobbered next time
autoconf was run.

> I've sent a patch making pgp and gpg able to lie anywhere the shell can find
> them (in $PATH I mean) but it was ignored by the maintainer, who doesn't
> consider mutt's way the wrong one.

  I think I can guess at least one possible reason for doing this.  By searching
anywhere in the path, especially with these particular programs, you
introduce a *potential* security hole.  Knowing exactly which pgp/gpg binary
you're running is a Good Thing. [2]

  Daniel

  [1] You may know this already, but I get tired of people blaming
     autoconf/configure for their problems when the truth is that the person
     who wrote configure.in either didn't know what he/she was doing or just
     made an honest mistake.

  [2] Yes, if you have a small path (/bin:/usr/bin:/usr/local/bin) this isn't
     likely to be a problem, but hardcoding the path will be equally secure on
     all setups including those with unholy default paths ;-).

-- 
The New Testament offers the basis for modern computer coding theory,
in the form of an affirmation of the binary number system.

        But let your communication be Yea, yea; nay, nay:
        for whatsoever is more than these cometh of evil.
                -- Matthew 5:37
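
An added illustration of the point in footnote [2], not part of the original message: a POSIX shell audit that shows which file a bare `gpg` resolves to for a given search path, compares it with a pinned absolute path, and flags search-path entries that make the lookup unpredictable. The function names and the scratch directory layout are assumptions constructed for this example.

```shell
# Added example, not from the thread; function names are hypothetical.
# first_match NAME SEARCH_PATH: print the file a PATH lookup would execute.
first_match() {
    fm_rest="$2:"
    while [ -n "$fm_rest" ]; do
        fm_dir=${fm_rest%%:*}; fm_rest=${fm_rest#*:}
        [ -n "$fm_dir" ] || fm_dir=.   # an empty entry means the current directory
        if [ -f "$fm_dir/$1" ] && [ -x "$fm_dir/$1" ]; then
            printf '%s\n' "$fm_dir/$1"; return 0
        fi
    done
    return 1
}

# risky_entries SEARCH_PATH: list cwd, relative and world-writable entries.
risky_entries() {
    re_rest="$1:"
    while [ -n "$re_rest" ]; do
        re_dir=${re_rest%%:*}; re_rest=${re_rest#*:}
        case $re_dir in
            ''|.) printf 'cwd:%s\n' "$re_dir" ;;
            /*)   [ -z "$(find "$re_dir" -prune -perm -0002 2>/dev/null)" ] ||
                      printf 'world-writable:%s\n' "$re_dir" ;;
            *)    printf 'relative:%s\n' "$re_dir" ;;
        esac
    done
}

# check_pinned NAME PINNED SEARCH_PATH: status 0 when the lookup lands on PINNED.
check_pinned() {
    cp_found=$(first_match "$1" "$3") || { printf 'not found: %s\n' "$1"; return 2; }
    [ "$cp_found" = "$2" ] && return 0
    printf 'MISMATCH: %s resolves to %s, expected %s\n' "$1" "$cp_found" "$2"; return 1
}

# make_fixture: constructed scratch tree with two executables named gpg; prints its root.
make_fixture() {
    mf_root=$(mktemp -d) || return 1
    mkdir -p "$mf_root/usr/bin" "$mf_root/shared"
    for mf_f in usr/bin/gpg shared/gpg; do
        printf '#!/bin/sh\n' > "$mf_root/$mf_f"; chmod 755 "$mf_root/$mf_f"
    done
    chmod 755 "$mf_root/usr/bin"; chmod 777 "$mf_root/shared"
    printf '%s\n' "$mf_root"
}

root=$(make_fixture)   # demo on the constructed tree
check_pinned gpg "$root/usr/bin/gpg" "$root/shared:$root/usr/bin" || true
risky_entries "$root/shared:$root/usr/bin"; rm -rf "$root"
```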

