[gnuastro-commits] master 104b657 06/14: Configuration warning if PATH i
From: Mohammad Akhlaghi
Subject: [gnuastro-commits] master 104b657 06/14: Configuration warning if PATH includes current directory
Date: Sun, 17 Dec 2017 11:31:18 -0500 (EST)
branch: master
commit 104b657612746952cab5090fa50de9f5c54af906
Author: Mohammad Akhlaghi <address@hidden>
Commit: Mohammad Akhlaghi <address@hidden>
Configuration warning if PATH includes current directory
Having the current directory in PATH can be a major security risk. Since we
do the check here in Gnuastro, it now prints a warning at the end to inform
the users of this risk. It is irrelevant to Gnuastro, but can be useful for
users who have done this without understanding its risks. The major risks
are described in the warning message.
---
configure.ac | 88 ++++++++++++++++++++++++++++++++++++++++++++----------------
1 file changed, 65 insertions(+), 23 deletions(-)
diff --git a/configure.ac b/configure.ac
index f59d04a..dc7a7b7 100644
--- a/configure.ac
+++ b/configure.ac
@@ -60,29 +60,6 @@ AC_SUBST(GAL_LT_VERSION)
-# Remove any occurance of `./' or `.' in PATH. The main problem is the
-# `libtool' executable which Gnuastro builds internally in the top build
-# directory. However, we also need to know if the system has libtool or
-# not.
-#
-# The first expression will remove occurance of `./' or `.'. If they are in
-# the middle of the path, then their removal will result in `::' (or
-# possibly more if they are immedately after each other). The second
-# expression will change `::' to `:'. If the removed paths are in the start
-# or end of the string, then an extra `:' will be present. So the third and
-# fourth expressions respectively remove them.
-PATH=$(AS_ECHO([$PATH]) | sed -e 's/\.\/*//g' -e 's/::*/:/g' -e 's/^://' -e
's/:$//')
-
-
-
-
-# By default we assume no warnings
-anywarnings=no
-
-
-
-
-
# Checks for programs.
: ${CFLAGS=""}
AC_PROG_CC
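Review bot: Removing the PATH clean-up and `anywarnings=no` from this spot, ahead of "# Checks for programs.", means AC_PROG_CC and every program check between here and the new location near line 148 now run with the current directory still in PATH. Any check in that range that sets `anywarnings=yes` would also be reset by the later `anywarnings=no`. Please confirm that the libtool lookup mentioned in the removed comment, and every assignment to `anywarnings`, come after the new block; otherwise keep `anywarnings=no` here and move only the sed call.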
@@ -171,6 +148,55 @@ AC_DEFINE_UNQUOTED([GAL_CONFIG_SIZEOF_LONG],
[$ac_cv_sizeof_long],
+# By default we assume no warnings
+anywarnings=no
+
+
+
+
+
+# Remove any occurance of the current directory `./', `.', or the full
+# address of the current directory in PATH. The main problem is the
+# `libtool' executable which Gnuastro builds internally in the top build
+# directory. However, we also need to know if the system has libtool or
+# not.
+AC_MSG_CHECKING(if PATH contains current directory)
+oldPATH=$PATH
+currpwd=$(pwd)
+
+# The first call to SED will remove any occurance of the current directory:
+# `./', `.', or the full address.
+#
+# NOTE 1: We cannot simply remove all `.'s, because hidden directories
+# (like the `~/.local' that is suggested for local
+# installations) will also be altered.
+#
+# NOTE 2: An empty string in the list of strings (separated by `:')
+# means the current directory. This includes cases like: `::',
+# or a leading and trailing `:'. So after all the removals of
+# the current directory, we will remove all such cases.
+#
+# NOTE 3: The SED separator can be any character immediately after `s',
+# it doesn't just have to be the commonly used `/'. Since `$pwd'
+# will possibly contain many `/'s, it is much more easier to use
+# a differen separator (`|' in this call to SED).
+PATH=$(AS_ECHO([$PATH]) | $SED -e 's|'"$currpwd"'||g' \
+ -e 's|\.\.*//*||g' \
+ -e 's|:\.\.*:|:|g' \
+ -e 's|\.*$||' \
+ -e 's|^\.*||' \
+ -e 's|::*|:|g' \
+ -e 's|^:||' \
+ -e 's|:$||' )
+AS_IF([test $oldPATH = $PATH],
+ [ path_warning=no ],
+ [ path_warning=yes; anywarnings=yes ])
+AC_MSG_RESULT( $path_warning )
+
+
+
+
+
# Search for necessary libraries. After each library is found,
# AC_SEARCH_LIBS adds the -lLIBRARY flag to the LIBS variable which is then
# given to all the Makefiles. Each new flag is added to the left of the old
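Review bot: In the `$SED` call, the first expression `'s|'"$currpwd"'||g'` is an unanchored substring match that uses the directory name as a regular expression, so a PATH entry below the build directory (for example `$currpwd/bin`) is cut down to `/bin`, and a `.` or `|` in the directory name changes what the expression means. Because `oldPATH` is then compared with the result, this also raises the warning when the current directory itself is not in PATH. Consider matching whole `:`-delimited entries only. Separately, `test $oldPATH = $PATH` is unquoted and fails if PATH contains a space or ends up empty; `test "x$oldPATH" = "x$PATH"` is safer. NOTE 3 refers to `$pwd`, while the variable is `currpwd`.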
@@ -826,6 +852,22 @@ AS_IF([test x$enable_guide_message = xyes],
AS_ECHO([" If PDF outputs are desired from ConvertType, it
will abort"])
AS_ECHO([" with an EPS output which you can convert to PDF
by other means."])
AS_ECHO([]) ])
+ # The last two scenarios described below are taken from
+ #
https://unix.stackexchange.com/questions/65700/is-it-safe-to-add-to-my-path-how-come
+ AS_IF([test "x$path_warning" = "xyes"],
+ [AS_ECHO([" - Your PATH contains the current directory. This
does not affect"])
+ AS_ECHO([" this build and installation of Gnuastro in any
way, it is just to"])
+ AS_ECHO([" to remind you that this is a security risk."])
+ AS_ECHO([" It is a very serious security risk if it is
closer to the start"])
+ AS_ECHO([" of your PATH: a malicious/wrong program might be
run instead of"])
+ AS_ECHO([" a desired program, someone might find out you
frequently mistype"])
+ AS_ECHO([" a command and install a matching one, someone
might install a"])
+ AS_ECHO([" fake command with the name of one that is not
installed. You can"])
+ AS_ECHO([" always run a program in the current directory by
explicity adding"])
+ AS_ECHO([" a \`./' before it's name. Run the following
command after"])
+ AS_ECHO([" installing Gnuastro to learn more about PATH:"])
+ AS_ECHO([" $ info gnuastro \"Installation directory\""])
+ AS_ECHO([]) ])
AS_ECHO([" All checks related to the warning(s) above will be
skipped."])
AS_ECHO([])
]
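Review bot: The new PATH entry contradicts the unchanged closing line that follows it: the entry says the finding "does not affect this build and installation of Gnuastro in any way", yet it is printed directly above "All checks related to the warning(s) above will be skipped.", and `path_warning=yes` also sets `anywarnings=yes` in the earlier hunk. Consider reporting it separately from the warnings that do cause checks to be skipped. In the message text, "it is just to" followed by "to remind you" repeats "to", "explicity" should be "explicitly", and "it's name" should be "its name".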