Alexander E. Patrakov wrote these words on 03/23/08 08:57 CST: > This is an issue very similar in nature to "rpath pointing to a build > directory", which, according to Debian policy, is a critical bug, for exactly > the same reason (injection of arbitrary code if the username matches or if > someone builds in a subdirectory of /tmp, just by creating files there). But > you > are right that it isn't as critical for this script, as TCL_??_SEARCH_FLAGS > only > matter when building TCL extensions. > > You are right. But now I have TCL installed according to the book, and even > looked at Debian's buildscript. Instead of post-processing the installed > file, > they patch unix/tclConfig.sh.in. I will now build TCL according to Ag's > correction and according to Debian scripts, and compare the results. The test > will be "tclreadline doesn't fail to build". > > BTW, since you made me look into Debian's buildscript, please also see > http://bugs.debian.org/446335 (TCL-related miscompilation that, according to > the > report, manifests itself with the OMNeT++ package from > http://www.omnetpp.org/). > I don't know whether it is valid even on Debian, but it caught my eye in the > Debian changelog.
Thanks for the information. I looked at one of my old BLFS builds and noticed that the references in those tcl/tkConfig.sh files were fixed to /usr/lib! That got me to do a bit of browsing. Perhaps you'd like to see how BLFS *used* to do it? Here's a PDF of the 6.1 book. I can't find it online in HTML format. http://archive.linuxfromscratch.org/blfs-museum/6.1/blfs-book-6.1.pdf I don't recall *why* we removed the seds, and I didn't check the archives, but it might be interesting to go back and read about what and why we did the Tcl/Tk changes. Granted, I don't see harm in fixing the instances (and whether we patch the .sh file before make install, or patch the .sh.in file doesn't make a difference to me), but then I don't see how this can be exploited. I'm doing some more test/research just to satisy my own curiosity. -- Randy rmlscsi: [bogomips 1003.22] [GNU ld version 2.16.1] [gcc (GCC) 4.0.3] [GNU C Library stable release version 2.3.6] [Linux 2.6.14.3 i686] 09:26:00 up 35 days, 14 min, 1 user, load average: 0.86, 0.40, 0.20 -- http://linuxfromscratch.org/mailman/listinfo/blfs-dev FAQ: http://www.linuxfromscratch.org/blfs/faq.html Unsubscribe: See the above information page
