gnu-arch-users
[Top][All Lists]
Advanced
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Gnu-arch-users] Arch hooks

From: Stephen J. Turnbull
Subject: Re: [Gnu-arch-users] Arch hooks
Date: Wed, 01 Oct 2003 04:30:05 +0900
User-agent: Gnus/5.1001 (Gnus v5.10.1) XEmacs/21.4 (Portable Code, linux) 
>>>>> "Tom" == Tom Lord <address@hidden> writes:

    >> From: "Stephen J. Turnbull" <address@hidden>

    >> Realistically, hook scripts in project trees are only mildly
    >> dangerous.

    Tom> That's a very context-specific assertion.  In general, they
    Tom> are a nightmare.

Oh, I see your point, but ... compared to arbitrary code executing as
root?  I think not.  Arch hook scripts are going to be executing as
unprivileged users, unlike "make install".  Any damage you could do
with a hook script you could do with a Makefile patch, and then some.

    Tom> If the danger doesn't worry you, consider the portability
    Tom> issues.

The "danger" does worry me, but it's minor compared to security holes
in other parts of the build system---all of which arch can manipulate
_without_ any hooks, just as part of its normal operation.

Concentrate on the portability issues, and the ways _friendly_ scripts
can screw each other up inadvertantly.


-- 
Institute of Policy and Planning Sciences     http://turnbull.sk.tsukuba.ac.jp
University of Tsukuba                    Tennodai 1-1-1 Tsukuba 305-8573 JAPAN
               Ask not how you can "do" free software business;
              ask what your business can "do for" free software.
reply via email to
[Prev in Thread] Current Thread [Next in Thread]