Ag. D. Hatzimanikas wrote: > Hi, > > Yesterday, I was trying to install a Tcl/Tk application, when during > the build procedure, I noticed that the value of TCL_LIBRARY was my > usual build dir. > > Checking further I found a lot of same references in > /usr/lib/tclConfig.sh > /usr/lib/tkConfig.sh
Thanks for the report. This _must_ be fixed before BLFS-6.3 release, because it is very likely to be a security hole (ability to inject arbitrary TCL code into any TCL program by just putting some files in the old build dir). And before the sed goes into the book, we should figure out why the offending path ended up in the TCL_LIBRARY variable and the scripts (i.e.: fix the root of the problem instead of post-processing the consequences). -- Alexander E. Patrakov -- http://linuxfromscratch.org/mailman/listinfo/blfs-dev FAQ: http://www.linuxfromscratch.org/blfs/faq.html Unsubscribe: See the above information page
