Alexander E. Patrakov wrote these words on 03/23/08 01:07 CST:

> Thanks for the report. This _must_ be fixed before BLFS-6.3 release,

It's my opinion that it really isn't an issue.

> because it is very likely to be a security hole (ability to inject
> arbitrary TCL code into any TCL program by just putting some files in
> the old build dir).

I believe you are reading a bit too much into this. It actually doesn't list the entire build directory, just a portion of it. And that directory won't exist on the root of the filesystem. I have to see what happens (just for curiosity's sake) if you unpack into various directories on the filesystem.

> And before the sed goes into the book, we should figure out why the
> offending path ended up in the TCL_LIBRARY variable and the scripts
> (i.e.: fix the root of the problem instead of post-processing the
> consequences).

Apparently you don't have Tcl or Tk installed or you would have looked at the two files and seen how well commented they are. There is an explanation for each of them. Tcl and Tk for whatever reason expect the build directories to exist on the system after the libraries are installed.

I'll do some more checking on this. The sed commands that Ag wrote specify some stuff that doesn't even reflect the build dir and doesn't need to be changed at all.

--
Randy

rmlscsi: [bogomips 1003.22] [GNU ld version 2.16.1] [gcc (GCC) 4.0.3] [GNU C Library stable release version 2.3.6] [Linux 2.6.14.3 i686]
08:03:00 up 34 days, 22:51, 1 user, load average: 0.02, 0.01, 0.00
