[arch-dev-public] [PATCH] makechrootpkg: Use the host's SRCDEST and PKGDEST if they are defined
Firmicus
Firmicus at gmx.net
Thu Nov 5 11:57:54 EST 2009
Daenyth Blank wrote:
> On Thu, Nov 5, 2009 at 12:05, Aaron Griffin <aaronmgriffin at gmail.com> wrote:
>
>> The eval seems slightly dangerous to me... does anyone else have this
>> concern, or am I being too careful?
>>
>>
>
> eval is always dangerous. In this case, however, it's eval-ing from a
> text file only writable by root. If an attacker has root write
> permissions, you have more to worry about than this.
>
>
True, but I still prefer to be extra careful, as /etc/makepkg.conf might
have been compromised through other channels.
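
One way to read the two paths without `eval`, as an added example (not the code from the patch under discussion, which this message does not show). The function name `read_conf_path`, the character allowlist and the sample file contents are assumptions made for illustration:

```bash
#!/bin/sh
# Added example, not from the patch: read an absolute path such as SRCDEST or
# PKGDEST from a makepkg.conf-style file without eval or sourcing.
# Exit status: 0 value printed, 1 variable not set, 2 assignment rejected.
# The ( ) body runs in a subshell so the helper variables do not leak.
read_conf_path() (
    file=$1 name=$2 result='' found=1
    case $name in ''|[!A-Za-z_]*|*[!A-Za-z0-9_]*) exit 2 ;; esac
    while IFS= read -r line || [ -n "$line" ]; do
        line=${line#"${line%%[![:space:]]*}"}        # drop leading whitespace
        case $line in "$name="*) ;; *) continue ;; esac
        value=${line#"$name="}
        value=${value%"${value##*[![:space:]]}"}     # drop trailing whitespace
        case $value in                               # strip one pair of quotes
            \"*\") value=${value#\"}; value=${value%\"} ;;
            \'*\') value=${value#\'}; value=${value%\'} ;;
        esac
        # Fail closed: absolute path built from an allowlist of characters,
        # so $, backticks, ;, spaces and similar never reach a shell parser.
        case $value in /*) ;; *) exit 2 ;; esac
        case $value in *[!A-Za-z0-9_./+@:-]*) exit 2 ;; esac
        result=$value found=0
    done < "$file"
    [ "$found" -eq 0 ] && printf '%s\n' "$result"
    exit "$found"
)

# Constructed sample configuration (not a real makepkg.conf).
conf=$(mktemp)
cat > "$conf" <<'EOF'
#SRCDEST=/commented/out
SRCDEST="/home/build/sources"
  PKGDEST=/home/build/packages
LOGDEST=/var/log/$(date +%F)
EOF
for v in SRCDEST PKGDEST LOGDEST; do
    if p=$(read_conf_path "$conf" "$v"); then
        echo "$v=$p"
    else
        echo "$v: not used (status $?)"
    fi
done
rm -f "$conf"
```

A value that relies on expansion, such as `"$HOME/sources"`, is rejected rather than expanded, so the caller has to decide what to do when the status is 2.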