On 20/01/13 22:08, Allan McRae wrote:
There was some concern about potential security implications of calling execvp and the ability to get a root shell. Good to see this was mentioned in the six months between the patches being sent to the mailing list and when they were committed (passive-agressive Allan!)
All those patches are reverted (commits 4a8c2852, 993700bc, bb4d2b72, 60b192e3) in the first patch which is not being sent. Then the pactests are refixed only allowing full paths to the scriptlet shell and the path to ldconfig is made configurable.
Allan McRae (4): Revert execvp and related commits pactest: handle non-default scriptlet shells Remove leading / for pactest paths Make path to ldconfig configurable
Any comments on these? I don't like to leave patches that we know are going to be reverted on master, so I would like to push them soon. Allan