To: gentoo-dev@lists.gentoo.org
From: Michael Orlitzky
Subject: [gentoo-dev] Guidelines for dangerous USE flags
Message-ID: <17347fd7-d6ed-4c08-8d02-24df9237b576@gentoo.org>
Date: Tue, 22 Aug 2017 13:22:51 -0400

The net-analyzer/nrpe package has a ./configure flag:

  --enable-command-args   allows clients to specify command arguments.
                          *** THIS IS A SECURITY RISK! *** Read the SECURITY
                          file before using this option!

Back in nrpe-2.x, it was available via USE=command-args, but I dropped
it from nrpe-3.x, and a user just asked about it (bug 628596).

There are at least two things we could do with a dangerous flag like
that:

  1) require EXTRA_ECONF to enable it.
  2) hide it behind a masked USE flag.

Both options require about the same amount of work from the user,
namely editing something under /etc/portage.

What do y'all think is the best way to proceed? Are there other
examples in the tree I could follow?
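
Added example, not part of the original message or of the Gentoo tree: a shell check an administrator could run to see whether either of the two opt-in routes proposed above is active in a Portage configuration tree. It assumes option 2 would reuse the nrpe-2.x flag name command-args; the file names in the sample tree are constructed.

```shell
#!/bin/sh
# Added example, not from the original post. Reports whether a Portage config
# tree opts net-analyzer/nrpe into command arguments by either proposed route.
# Assumption: option 2 would reuse the nrpe-2.x flag name "command-args".

# Matches a non-comment line naming the nrpe atom, up to the start of a flag.
ATOM='^[^#]*net-analyzer/nrpe[^#]*[[:space:]]'

# audit_nrpe_args [DIR]: prints findings; returns 1 if the option is enabled.
audit_nrpe_args() {
    root=${1:-/etc/portage}
    found=0
    # Option 1: EXTRA_ECONF carries the configure switch (make.conf or env/).
    if grep -rqEs '^[^#]*EXTRA_ECONF=.*--enable-command-args' \
            "$root/make.conf" "$root/env"; then
        echo "option 1: EXTRA_ECONF passes --enable-command-args"
        found=1
    fi
    # Option 2: the flag must be both unmasked and set to take effect.
    if grep -rqEs "${ATOM}-command-args([[:space:]]|\$)" \
            "$root/profile/package.use.mask" &&
       grep -rqEs "${ATOM}command-args([[:space:]]|\$)" \
            "$root/package.use"; then
        echo "option 2: command-args is unmasked and enabled"
        found=1
    fi
    return "$found"
}

# make_sample_tree DIR MODE: constructed sample config, for demonstration only.
make_sample_tree() {
    mkdir -p "$1/env" "$1/profile" "$1/package.use"
    : > "$1/make.conf"
    case $2 in
        econf)
            echo 'EXTRA_ECONF="--enable-command-args"' > "$1/env/nrpe-args.conf"
            echo 'net-analyzer/nrpe nrpe-args.conf' > "$1/package.env" ;;
        use)
            echo 'net-analyzer/nrpe -command-args' > "$1/profile/package.use.mask"
            echo 'net-analyzer/nrpe ssl command-args' > "$1/package.use/nrpe" ;;
        use-masked)   # flag set but never unmasked: has no effect
            echo 'net-analyzer/nrpe command-args' > "$1/package.use/nrpe" ;;
    esac
}

# Run against a directory given on the command line, e.g. /etc/portage.
if [ "$#" -gt 0 ]; then audit_nrpe_args "$1"; fi
```

An env/ file only takes effect when package.env references it, so an option 1 finding is a prompt to check package.env rather than proof that the package was built that way.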