public inbox for gentoo-dev@lists.gentoo.org
 help / color / mirror / Atom feed
From: Ciaran McCreesh <ciaran.mccreesh@googlemail.com>
To: "Michał Górny" <mgorny@gentoo.org>
Cc: gentoo-dev@lists.gentoo.org
Subject: Re: [gentoo-dev] [PATCH 1/7] multibuild: introduce a generic framework for custom phase functions.
Date: Sun, 10 Mar 2013 15:46:05 +0000	[thread overview]
Message-ID: <20130310154605.271bd0b5@googlemail.com> (raw)
In-Reply-To: <20130310164641.7dc5f6bf@pomiocik.lan>

[-- Attachment #1: Type: text/plain, Size: 1010 bytes --]

On Sun, 10 Mar 2013 16:46:41 +0100
Michał Górny <mgorny@gentoo.org> wrote:
> On Sun, 10 Mar 2013 15:26:29 +0000
> Ciaran McCreesh <ciaran.mccreesh@googlemail.com> wrote:
> > On Sun, 10 Mar 2013 14:48:06 +0100
> > Michał Górny <mgorny@gentoo.org> wrote:
> > > Well, unless we're talking about a theoretical package mangler
> > > which intentionally uses internal, old version of bash to prove
> > > the point.
> > 
> > That's a good idea, maybe we'll do that. Sounds like a good way of
> > doing better input validation. Perhaps we could patch our internal
> > bash to make it easier to catch certain other errors too.
> 
> Please don't forget to bundle a few rootkits inside, so your users
> won't have to wait for security issues to be found in the ye ol' bash
> version you'll use.

You mean, in the bash that will be being run as root, that is
accessible exclusively to packages, all of which are allowed to run
things as root, install set*id binaries, etc?

-- 
Ciaran McCreesh

[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 198 bytes --]

  reply	other threads:[~2013-03-10 15:49 UTC|newest]

Thread overview: 20+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2013-03-10 10:16 [gentoo-dev] [PATCHES] multibuild.eclass: custom phase function helpers Michał Górny
2013-03-10 10:18 ` [gentoo-dev] [PATCH 1/7] multibuild: introduce a generic framework for custom phase functions Michał Górny
2013-03-10 11:36   ` Ulrich Mueller
2013-03-10 12:16     ` Ulrich Mueller
2013-03-10 12:18       ` Ciaran McCreesh
2013-03-10 13:19         ` Michał Górny
2013-03-10 13:44           ` Ulrich Mueller
2013-03-10 13:48             ` Michał Górny
2013-03-10 15:26               ` Ciaran McCreesh
2013-03-10 15:46                 ` Michał Górny
2013-03-10 15:46                   ` Ciaran McCreesh [this message]
2013-03-10 15:50       ` [gentoo-dev] [PATCH] " Michał Górny
2013-03-10 18:37         ` Alec Warner
2013-03-10 10:18 ` [gentoo-dev] [PATCH 2/7] distutils-r1: use multibuild phase helpers Michał Górny
2013-03-10 10:18 ` [gentoo-dev] [PATCH 3/7] multilib-minimal: split out mkdir to unify sub-functions Michał Górny
2013-03-10 10:18 ` [gentoo-dev] [PATCH 4/7] multilib-minimal: reuse run_in_build_dir Michał Górny
2013-03-10 10:18 ` [gentoo-dev] [PATCH 5/7] multilib-minimal: reuse multibuild phase function handlers Michał Górny
2013-03-10 10:18 ` [gentoo-dev] [PATCH 6/7] multilib-minimal: run multilib_src_configure in parallel Michał Górny
2013-03-10 10:18 ` [gentoo-dev] [PATCH 7/7] autotools-multilib: reuse phase functions from multilib-minimal Michał Górny
2013-03-17 13:35 ` [gentoo-dev] [PATCHES] multibuild.eclass: custom phase function helpers Michał Górny

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20130310154605.271bd0b5@googlemail.com \
    --to=ciaran.mccreesh@googlemail.com \
    --cc=gentoo-dev@lists.gentoo.org \
    --cc=mgorny@gentoo.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox