Summary: | disallow access to $S/$FILESDIR in pkg_* functions | ||
---|---|---|---|
Product: | Portage Development | Reporter: | SpanKY <vapier> |
Component: | Core - Ebuild Support | Assignee: | Portage team <dev-portage> |
Status: | CONFIRMED --- | ||
Severity: | enhancement | CC: | ansla80, basic, ciaran.mccreesh, dschridde+gentoobugs, jakub, sam |
Priority: | High | ||
Version: | unspecified | ||
Hardware: | All | ||
OS: | All | ||
See Also: |
https://bugs.gentoo.org/show_bug.cgi?id=586416 https://bugs.gentoo.org/show_bug.cgi?id=775191 https://bugs.gentoo.org/show_bug.cgi?id=138388 https://bugs.gentoo.org/show_bug.cgi?id=197942 |
||
Whiteboard: | |||
Package list: | Runtime testing required: | --- |
Description
SpanKY
2006-10-23 01:04:24 UTC
Nice idea. I would suggest doing the same for FILESDIR. Sounds good. conversely, if we set ROOT to like /var/tmp/portage/eat/my/balls in all src_* functions and add that path to the sandbox deny path ... Kinda relevant to this: 16:51 < ciaranm> incidentally... what i really want is a SANDBOX_WARN_READ etc 16:51 < ciaranm> so we can catch naughty ebuilds by doing SANDBOX_WARN_READ="${ROOT}" and setting ROOT to /blah/BAD_BROKEN_EBUILD_NO_COOKIE which is a symlink to / 16:52 < ferringb> ciaranm: that trick shouldn't work offhand 16:52 < ciaranm> ferringb: it won't work with sandbox the way it is currently, no 16:52 < ferringb> ciaranm: sandbox abspath's most of what it deals with. *** Bug 170567 has been marked as a duplicate of this bug. *** (In reply to SpanKY from comment #3) > conversely, if we set ROOT to like /var/tmp/portage/eat/my/balls in all > src_* functions and add that path to the sandbox deny path ... See-Also: bug #138388 |