On Tue, Aug 22, 2017 at 01:22:51PM -0400, Michael Orlitzky wrote:
> The net-analyzer/nrpe package has a ./configure flag:
>
> --enable-command-args allows clients to specify command arguments. ***
> THIS IS A SECURITY RISK! *** Read the SECURITY
> file before using this option!
>
> Back in nrpe-2.x, it was available via USE=command-args, but I dropped
> it from nrpe-3.x, and a user just asked about it (bug 628596). There are
> at least two things we could do with a dangerous flag like that:
>
> 1) require EXTRA_ECONF to enable it.
> 2) hide it behind a masked USE flag.
>
> Both options require about the same amount of work from the user, namely
> editing something under /etc/portage. What do y'all think is the best
> way to proceed? Are there other examples in the tree I could follow?

I like the masked USE flag approach. Using EXTRA_ECONF requires a bit more
work from the user (not much though) but is less visible afterwards in my
opinion.

Perhaps a name that implies that there is a security risk could be
interesting, but that's a minor suggestion.

Is there a way we could somehow ensure that a USE flag is never set
globally, but only on a per-package basis?

Wkr,
Sven Vermeulen