5 Nov
2009
5 Nov
'09
4:57 p.m.
Daenyth Blank wrote:
On Thu, Nov 5, 2009 at 12:05, Aaron Griffin <aaronmgriffin@gmail.com> wrote:
The eval seems slightly dangerous to me... does anyone else have this concern, or am I being too careful?
eval is always dangerous. In this case, however, it's eval-ing from a text file only writable by root. If an attacker has root write permissions, you have more to worry about than this.
True, but I still prefer to be extra careful, as /etc/makepkg.conf might have been compromised through other channels.