[arch-dev-public] [PATCH] makechrootpkg: Use the host's SRCDEST and PKGDEST if they are defined
Daenyth Blank
daenyth+arch at gmail.com
Thu Nov 5 11:38:06 EST 2009
On Thu, Nov 5, 2009 at 12:05, Aaron Griffin <aaronmgriffin at gmail.com> wrote:
> The eval seems slightly dangerous to me... does anyone else have this
> concern, or am I being too careful?
>
eval is always dangerous. In this case, however, it's eval-ing from a
text file only writable by root. If an attacker has root write
permissions, you have more to worry about than this.
More information about the arch-dev-public
mailing list