On Tue, Aug 22, 2017 at 01:22:51PM -0400, Michael Orlitzky wrote:
> The net-analyzer/nrpe package has a ./configure flag:
>
>   --enable-command-args allows clients to specify command arguments. ***
>   THIS IS A SECURITY RISK! *** Read the SECURITY
>   file before using this option!
>
> Back in nrpe-2.x, it was available via USE=command-args, but I dropped
> it from nrpe-3.x, and a user just asked about it (bug 628596). There are
> at least two things we could do with a dangerous flag like that:
>
>   1) require EXTRA_ECONF to enable it.
>   2) hide it behind a masked USE flag.
>
> Both options require about the same amount of work from the user, namely
> editing something under /etc/portage. What do y'all think is the best
> way to proceed? Are there other examples in the tree I could follow?
I like the masked USE flag approach. Using EXTRA_ECONF requires a bit more work from the user (not much though) but is less visible afterwards in my opinion. Perhaps a name that implies that there is a security risk could be interesting, but that's a minor suggestion.

Is there a way we could somehow ensure that a USE flag is never set globally, but only on a per-package basis?

Wkr,
Sven Vermeulen