From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from lists.gentoo.org (pigeon.gentoo.org [208.92.234.80]) by finch.gentoo.org (Postfix) with ESMTP id 91BA5198005 for ; Sun, 10 Mar 2013 15:49:40 +0000 (UTC) Received: from pigeon.gentoo.org (localhost [127.0.0.1]) by pigeon.gentoo.org (Postfix) with SMTP id 8DD12E07B7; Sun, 10 Mar 2013 15:49:33 +0000 (UTC) Received: from mail-wi0-f178.google.com (mail-wi0-f178.google.com [209.85.212.178]) (using TLSv1 with cipher ECDHE-RSA-RC4-SHA (128/128 bits)) (No client certificate requested) by pigeon.gentoo.org (Postfix) with ESMTPS id 799A8E07B3 for ; Sun, 10 Mar 2013 15:49:32 +0000 (UTC) Received: by mail-wi0-f178.google.com with SMTP id hq4so489486wib.11 for ; Sun, 10 Mar 2013 08:49:31 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=googlemail.com; s=20120113; h=x-received:date:from:to:cc:subject:message-id:in-reply-to :references:x-mailer:mime-version:content-type; bh=RoOQL9yDqJvpUlrWRhKn4WLwfrCueXhxg5Wf1wREckA=; b=LJhjzHI3zU0PLm8F5a74zyeupyBwJTBltO7MdyM5UC8+sHfmvhHBryaS6yIle/UbEr IN1ZeFGEj5Vtg2kvWiraqzgvdnq/b/aH+ORvXLdzVDrlKqXwDXW84ukx99byC/2vcwbJ ARvbSyYx+X3ZrxsNcoijgm1LEGiUUepUsSZZsqtRDXgl5Ui0KSi1VDklIG8yr8PftzVJ ySOy4GOO/95hHpQG9nV7BhHD03DRN5aZMlw/USUBlRD/vy5J+/BGG7PL8/lXoHRtVkhl Y+Kj+ghWbp6GpSjtAr7Ir1Ui2qRuZET6NIi3W/umL1KSWn0BcS8sPoE+8oIXA/U6l7I3 QRHA== X-Received: by 10.180.91.106 with SMTP id cd10mr7885251wib.6.1362930571169; Sun, 10 Mar 2013 08:49:31 -0700 (PDT) Received: from localhost (cpc13-broo7-2-0-cust130.14-2.cable.virginmedia.com. [82.9.16.131]) by mx.google.com with ESMTPS id er3sm10345986wib.1.2013.03.10.08.49.30 (version=TLSv1.2 cipher=RC4-SHA bits=128/128); Sun, 10 Mar 2013 08:49:30 -0700 (PDT) Date: Sun, 10 Mar 2013 15:46:05 +0000 From: Ciaran McCreesh To: =?UTF-8?B?TWljaGHFgiBHw7Nybnk=?= Cc: gentoo-dev@lists.gentoo.org Subject: Re: [gentoo-dev] [PATCH 1/7] multibuild: introduce a generic framework for custom phase functions. Message-ID: <20130310154605.271bd0b5@googlemail.com> In-Reply-To: <20130310164641.7dc5f6bf@pomiocik.lan> References: <20130310111644.0840d935@pomiocik.lan> <1362910691-8439-1-git-send-email-mgorny@gentoo.org> <20796.28754.738984.896903@a1i15.kph.uni-mainz.de> <20796.31150.637490.654018@a1i15.kph.uni-mainz.de> <20130310121825.054383fb@googlemail.com> <20130310141959.6217437d@pomiocik.lan> <20796.36426.784707.254728@a1i15.kph.uni-mainz.de> <20130310144806.57d30603@pomiocik.lan> <20130310152629.78718d46@googlemail.com> <20130310164641.7dc5f6bf@pomiocik.lan> X-Mailer: Claws Mail 3.9.0 (GTK+ 2.24.16; x86_64-pc-linux-gnu) Precedence: bulk List-Post: List-Help: List-Unsubscribe: List-Subscribe: List-Id: Gentoo Linux mail X-BeenThere: gentoo-dev@lists.gentoo.org Reply-to: gentoo-dev@lists.gentoo.org Mime-Version: 1.0 Content-Type: multipart/signed; micalg=PGP-SHA1; boundary="Sig_/3NL5LtUhkWgC1qcbWjk6Wcf"; protocol="application/pgp-signature" X-Archives-Salt: a9ae74b7-3ca7-4744-8c16-c14146b30e09 X-Archives-Hash: 7f3c4b9a72d0cfdbb453ad6cdb148096 --Sig_/3NL5LtUhkWgC1qcbWjk6Wcf Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: quoted-printable On Sun, 10 Mar 2013 16:46:41 +0100 Micha=C5=82 G=C3=B3rny wrote: > On Sun, 10 Mar 2013 15:26:29 +0000 > Ciaran McCreesh wrote: > > On Sun, 10 Mar 2013 14:48:06 +0100 > > Micha=C5=82 G=C3=B3rny wrote: > > > Well, unless we're talking about a theoretical package mangler > > > which intentionally uses internal, old version of bash to prove > > > the point. > >=20 > > That's a good idea, maybe we'll do that. Sounds like a good way of > > doing better input validation. Perhaps we could patch our internal > > bash to make it easier to catch certain other errors too. >=20 > Please don't forget to bundle a few rootkits inside, so your users > won't have to wait for security issues to be found in the ye ol' bash > version you'll use. You mean, in the bash that will be being run as root, that is accessible exclusively to packages, all of which are allowed to run things as root, install set*id binaries, etc? --=20 Ciaran McCreesh --Sig_/3NL5LtUhkWgC1qcbWjk6Wcf Content-Type: application/pgp-signature; name=signature.asc Content-Disposition: attachment; filename=signature.asc -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.19 (GNU/Linux) iEYEARECAAYFAlE8qsAACgkQ96zL6DUtXhEreACghaH5u3RDwq/6L1mHEcTqN/hV pCwAoM1jQ5GsoL/uLh3uRny5MNdRf40V =dgwo -----END PGP SIGNATURE----- --Sig_/3NL5LtUhkWgC1qcbWjk6Wcf--