Hello Serge, Serge Hallyn [2014-08-01 13:39 +0000]: > But just because you sent the patch doesn't guarantee that you're the > author :)
Sorry, I'm just a layman engineer. :-) I don't see how I have more or less control about the "Author:" field than over "Signed-off-by:", but here we are: Signed-off-by: Martin Pitt <[email protected]> for the whole set of patches (This mail is GPG signed) > The concern isn't the tools not being under $PATH, but exploit versions > being put into a mangled path. If you can mangle the $PATH for pid 1 and its init scripts (which run as root), I'd say you pretty much 0wn the machine anyway. I think it's much more common to put locally updated versions of tools into /usr/local/ and expect them to get used? Anyway, your call. However, please note that the current init scripts don't run tools with full path (like "start", "lxc-autostart", "iptables", etc.), and neither do the existing helper scripts (e. g. lxc-devsetup calls "mount") so if that's your desire we'll need a much bigger patch, and that should be separated from this series? (But again, I'd really recommend against that) Thanks! Martin -- Martin Pitt | http://www.piware.de Ubuntu Developer (www.ubuntu.com) | Debian Developer (www.debian.org)
signature.asc
Description: Digital signature
_______________________________________________ lxc-devel mailing list [email protected] http://lists.linuxcontainers.org/listinfo/lxc-devel
