On Mon, 19 Mar 2012, Lucas Nussbaum wrote:
> I kind-of fail to see the point. If I run a script as user 'lucas',
> I of course expect it to be run as user 'lucas', and I need to trust
> the code to some level. How is that different with debbugs?

It's only different with the configuration file when
DEBBUGS_CONFIG_FILE is set. If the configuration file is installed in
/etc/debbugs/config, it doesn't check for the UID to match.

The main idea was to avoid YA environmental variable that could be
used as a means to execute code that hadn't been checked
previously... and honestly, I didn't expect anyone to be using it to
run a configuration file stored in an arbitrary location. [I primarily
intended it to be used during testing.]

Don Armstrong

-- 
Taxes are not levied for the benefit of the taxed.
 -- Robert Heinlein _Time Enough For Love_ p250

http://www.donarmstrong.com http://rzlab.ucr.edu
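
The check described in the message above, as an added example that is not part of the original e-mail and not debbugs' own code: a configuration file named through DEBBUGS_CONFIG_FILE is accepted only if its owner matches the running UID, while the default /etc/debbugs/config is opened without that check. The function name `open_trusted_config`, the use of the effective UID, the regular-file test and the `$expected_uid` parameter are assumptions made for illustration.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use File::Temp qw(tempfile);

# Default location named in the message; files here are not ownership-checked.
my $DEFAULT_CONFIG = '/etc/debbugs/config';

# Hypothetical helper: open the config and decide whether it may be evaluated.
# Returns ($fh, undef) on success or (undef, $reason) on refusal.
# $expected_uid exists only so the refusal path can be demonstrated below.
sub open_trusted_config {
    my ($env, $expected_uid) = @_;
    $expected_uid = $> unless defined $expected_uid;   # effective UID (assumption)

    my $from_env = defined $env->{DEBBUGS_CONFIG_FILE}
                && length $env->{DEBBUGS_CONFIG_FILE};
    my $path = $from_env ? $env->{DEBBUGS_CONFIG_FILE} : $DEFAULT_CONFIG;

    open(my $fh, '<', $path) or return (undef, "cannot open $path: $!");
    return ($fh, undef) unless $from_env;              # default path: no UID check

    # stat the open handle, not the path, so the file that was checked is
    # the same file that is later read and evaluated (no swap in between).
    my @st = stat($fh) or return (undef, "cannot stat $path: $!");
    return (undef, "$path is not a regular file") unless -f _;
    return (undef, "$path is owned by UID $st[4], not $expected_uid")
        unless $st[4] == $expected_uid;

    return ($fh, undef);   # caller reads and evaluates from this handle only
}

# Constructed demo: a temporary file stands in for a test configuration.
my ($tmp_fh, $tmp) = tempfile(UNLINK => 1);
print {$tmp_fh} "# constructed sample config\n";
close $tmp_fh;

for my $case ([ 'owner matches', $> ], [ 'owner differs', $> + 1 ]) {
    my ($label, $uid) = @$case;
    my ($fh, $why) = open_trusted_config({ DEBBUGS_CONFIG_FILE => $tmp }, $uid);
    printf "%-14s %s\n", $label, $fh ? 'accepted' : "refused: $why";
}
```

Passing the environment as a hash reference keeps the helper testable; a real caller would pass `\%ENV`.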

