Yes, there are a couple of hacks to lposix, which means we can't just switch to
upstream; rebasing to a newer one is another thing entirely, and was under
discussion last year already (there's a ticket around here somewhere).

The other thing is that there are other ways around e.g. the exec() thing; the
current implementation was just a quick hack to get something in there - people
were discovering -p %{lua} and the posix extension and getting themselves *and*
rpm in trouble with it.

One kinda indirect solution would be always executing -p %{lua} scriptlets in a
forked process, at which point there's no need for the check in the first
place. This would also allow feeding paths into file triggers the same way
regardless of interpreter, and would protect rpm from scriptlets doing stupid
things with macros *and* packages from one another. And no doubt it would break
somebody's carefully crafted scripts which rely on the fact that they execute
in-process, but I don't have too much sympathy over that.
--
https://github.com/rpm-software-management/rpm/pull/390#issuecomment-364049793