Date: Tue, 2 Jan 2007 15:00:05 -0600
From: Brooks Davis <brooks@one-eyed-alien.net>
To: Mike Pritchard <mpp@mppsystems.com>
Cc: cvs-src@FreeBSD.org, Yar Tikhiy <yar@FreeBSD.org>, src-committers@FreeBSD.org, cvs-all@FreeBSD.org
Subject: Re: cvs commit: src/etc rc.subr
Message-ID: <20070102210005.GA8060@lor.one-eyed-alien.net>
In-Reply-To: <20061231170411.GA53408@mail.mppsystems.com>
References: <200612311107.kBVB7TrP042343@repoman.freebsd.org> <20061231170411.GA53408@mail.mppsystems.com>

On Sun, Dec 31, 2006 at 11:04:11AM -0600, Mike Pritchard wrote:
> On Sun, Dec 31, 2006 at 11:07:29AM +0000, Yar Tikhiy wrote:
> > yar 2006-12-31 11:07:29 UTC
> >
> > FreeBSD src repository
> >
> > Modified files:
> > etc rc.subr
> > Log:
> > Allow for /usr/bin/env when parsing the shebang line from an
> > interpreted $command. Some "portable" software packages use such a
> > line to skip the task of figuring out the absolute pathname of the
> > interpreter at install time, e.g.:
> >
> > #!/usr/bin/env python
> >
> > It is insecure, but a popular book on Python seems to have advised
> > it to a wide audience. Hence a number of such scripts in the ports,
> > mostly written in Python.
>
> If it's insecure, then why allow it? If the ports need a patch to make it
> secure, then they should be patched.
>
> I don't like seeing something from rc.subr with a comment about it
> being less secure....

It's only a security problem in the case of an insecure path. This
isn't generally the case for rc.d's execution context. It's only a
security issue if administrators are stupid enough to place untrustworthy
directories such as "." in root's path.

-- Brooks

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20070102210005.GA8060>
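
As an added example (not part of the original message or of rc.subr): a POSIX sh check for the condition the reply describes, an untrustworthy entry such as "." in the PATH that `/usr/bin/env` searches for the interpreter. The function name `audit_path`, the report wording and the sample PATH value are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from rc.subr): flag PATH entries that could make
# "#!/usr/bin/env <interp>" resolve to an untrusted program.
# audit_path and the report wording are hypothetical names.

# audit_path PATHSTRING
# Prints one line per unsafe entry; exit status is 1 if any were found.
audit_path() (
    rest="$1:"            # trailing ":" so the last entry is terminated too
    rc=0
    while [ -n "$rest" ]; do
        dir=${rest%%:*}   # text before the first ":"
        rest=${rest#*:}   # everything after it
        case $dir in
        "")
            # An empty entry (leading, trailing or doubled ":") means
            # the current directory.
            echo "UNSAFE empty entry (current directory)"; rc=1 ;;
        /*)
            # Absolute entry: unsafe if group or others may write to it.
            # -H makes find examine the target of a symlinked entry.
            [ -d "$dir" ] || continue
            if [ -n "$(find -H "$dir" -prune \
                    \( -perm -0002 -o -perm -0020 \) -print)" ]; then
                echo "UNSAFE writable by group or others: $dir"; rc=1
            fi ;;
        *)
            # "." and any other relative entry depend on the caller's cwd.
            echo "UNSAFE relative entry: $dir"; rc=1 ;;
        esac
    done
    exit "$rc"
)

# Constructed sample value, not taken from a real system.
audit_path "/sbin:/bin:/usr/sbin:/usr/bin:.:" || echo "PATH needs fixing"
```

The check looks only at each PATH entry itself, not at its parent directories or at the ownership of the files inside it.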