[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Gnu-arch-users] Arch hooks
From: |
Stephen J. Turnbull |
Subject: |
Re: [Gnu-arch-users] Arch hooks |
Date: |
Wed, 01 Oct 2003 04:30:05 +0900 |
User-agent: |
Gnus/5.1001 (Gnus v5.10.1) XEmacs/21.4 (Portable Code, linux) |
>>>>> "Tom" == Tom Lord <address@hidden> writes:
>> From: "Stephen J. Turnbull" <address@hidden>
>> Realistically, hook scripts in project trees are only mildly
>> dangerous.
Tom> That's a very context-specific assertion. In general, they
Tom> are a nightmare.
Oh, I see your point, but ... compared to arbitrary code executing as
root? I think not. Arch hook scripts are going to be executing as
unprivileged users, unlike "make install". Any damage you could do
with a hook script you could do with a Makefile patch, and then some.
Tom> If the danger doesn't worry you, consider the portability
Tom> issues.
The "danger" does worry me, but it's minor compared to security holes
in other parts of the build system---all of which arch can manipulate
_without_ any hooks, just as part of its normal operation.
Concentrate on the portability issues, and the ways _friendly_ scripts
can screw each other up inadvertantly.
--
Institute of Policy and Planning Sciences http://turnbull.sk.tsukuba.ac.jp
University of Tsukuba Tennodai 1-1-1 Tsukuba 305-8573 JAPAN
Ask not how you can "do" free software business;
ask what your business can "do for" free software.
[Gnu-arch-users] Arch hooks, Mark A. Flacy, 2003/09/30