"Alex Unleashed" <[EMAIL PROTECTED]> writes: > the fact of the attempt is what > really matters,
I'm afraid I'll have to disagree on this one, as a matter of philosophy. Autoconf regularly tries stuff to see whether it works. It's not at all unreasonable for Autoconf to try programs that have memory violations, or attempt to do other prohibited operations, in order for the Autoconf-generated code to discover what capabilities the system actually lets the installer do. If your sandboxing environment prohibits reasonable requests for information about what the environment allows, then it's being too strict.

In this particular case, stricter auditing did find a bug in FreeBSD mkdir -p -m, and that's certainly a point in its favor. But I'm not sure it's a good idea in general. I guess I'd feel more comfortable with a sandbox where the installer ran as root, and actually could do a "chmod 0 /" or whatever, and where the auditing process discovered the sandbox was corrupted; I think this would detect problems like these more reliably.

(Obviously though you're doing the work so it's up to you. :-)
