[arch-dev-public] [PATCH] makechrootpkg: Use the host's SRCDEST and PKGDEST if they are defined

Aaron Griffin aaronmgriffin at gmail.com
Thu Nov 5 11:41:33 EST 2009

On Thu, Nov 5, 2009 at 10:38 AM, Daenyth Blank <daenyth+arch at gmail.com> wrote:
> On Thu, Nov 5, 2009 at 12:05, Aaron Griffin <aaronmgriffin at gmail.com> wrote:
>> The eval seems slightly dangerous to me... does anyone else have this
>> concern, or am I being too careful?
> eval is always dangerous. In this case, however, it's eval-ing from a
> text file only writable by root. If an attacker has root write
> permissions, you have more to worry about than this.

That's a fair enough point. I was wondering, though, if it might be
more prudent to sed out the value and actually set it with no eval at
all. Does anyone actually use inline execution in their makepkg.conf?

More information about the arch-dev-public mailing list