Tor Olav Stava wrote:

David Rosal wrote:

Paco-1.10.4 uses the function wordexp() to parse the configuration file. This allows for expanding any environment variable (and not only HOME).
(...)
Summarizing: for paco >= 1.10.5, passing WORDEXP=y in uClibc won't be required, but if WORDEXP is enabled then paco will be able to expand any environment variable in pacorc.


Thanks for clearing that up.

However, the wordexp() issue with uClibc is actually quite minor considering that I can't log the uClibc install. :( Everything else seems fine, it's only the uClibc install I'm having trouble with so far. Enabling wordexp() in uClibc is no problem, unless it poses some security threat (..?), I'll just put a note about it in the patch readme.


The use of wordexp() may be very dangerous since it performs command substitution, either with backticks (`command`) or in a bash fashion ( $(command) ). Though in paco the command substitution is disabled, in other programs where it is enabled it can be a big security hole.

Regarding paco-1.10.5, I'm thinking that it would be better to let this be set at configure time, for instance with an option --enable-wordexp.


*david
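
The difference discussed in this message, as an added example that is not part of the original thread and is not paco's code: POSIX wordexp() called with the WRDE_NOCMD flag still expands environment variables but fails with WRDE_CMDSUB on either command-substitution form. The helper name expand_config_value, the variable DEMO_LOGDIR and the sample values are constructed for illustration.

```c
#define _POSIX_C_SOURCE 200809L
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <wordexp.h>

/* Hypothetical helper (not paco's code): expand environment variables in one
 * configuration value while refusing command substitution.
 * Returns 0 on success, a WRDE_* code from wordexp(), or -1 if the value
 * does not expand to exactly one word that fits in out. */
int expand_config_value(const char *in, char *out, size_t outlen)
{
    wordexp_t we;
    memset(&we, 0, sizeof we);
    /* WRDE_NOCMD: `cmd` and $(cmd) make wordexp() fail with WRDE_CMDSUB
     * instead of running the command. */
    int rc = wordexp(in, &we, WRDE_NOCMD);
    if (rc != 0) {
        if (rc == WRDE_NOSPACE)
            wordfree(&we);      /* partial results may have been allocated */
        return rc;
    }

    int ret = -1;
    if (we.we_wordc == 1 && strlen(we.we_wordv[0]) < outlen) {
        strcpy(out, we.we_wordv[0]);
        ret = 0;
    }
    wordfree(&we);
    return ret;
}

int main(void)
{
    /* Constructed sample values, as they might appear in a config file. */
    const char *samples[] = { "$DEMO_LOGDIR/db", "$(echo x)", "`echo x`" };
    char buf[256];
    setenv("DEMO_LOGDIR", "/var/log/demo", 1);   /* constructed variable */
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        int rc = expand_config_value(samples[i], buf, sizeof buf);
        if (rc == 0)
            printf("%-18s -> %s\n", samples[i], buf);
        else
            printf("%-18s rejected (code %d%s)\n", samples[i], rc,
                   rc == WRDE_CMDSUB ? ", WRDE_CMDSUB" : "");
    }
    return 0;
}
```

A program that omits WRDE_NOCMD on values read from a file it does not fully control is the case the message calls a big security hole.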