[arch-dev-public] [PATCH] makechrootpkg: Use the host's SRCDEST and PKGDEST if they are defined

Daenyth Blank daenyth+arch at gmail.com
Thu Nov 5 11:38:06 EST 2009

On Thu, Nov 5, 2009 at 12:05, Aaron Griffin <aaronmgriffin at gmail.com> wrote:
> The eval seems slightly dangerous to me... does anyone else have this
> concern, or am I being too careful?

eval is always dangerous. In this case, however, it's eval-ing from a
text file only writable by root. If an attacker has root write
permissions, you have more to worry about than this.

More information about the arch-dev-public mailing list