Mike Hommey <m...@glandium.org> writes:
> On Thu, Jul 02, 2009 at 02:26:21PM -0700, Russ Allbery wrote:
>> Jonathan Yu <jonathan.i...@gmail.com> writes:
>>
>> > How to fix them? Write Perl scripts, and turn on taint checking --
>> > that fixes the four issues above, because it makes the script exit if
>> > any of them look dangerous. Env::Sanctify::Auto is a Perl module that
>> > automatically cleans up the paths.
>> >
>> > My advice:
>> > 1. Write scripts that might be run as root (or setuid root) using Perl
>> > 2. Turn on taint checking
>> > 3. Consider using Env::Sanctify::Auto (shameless plug)
>>
>> I would really prefer that people not start writing maintainer scripts
>> in Perl as a matter of course. Perl is harder to analyze for programs
>> like lintian than shell scripts (which are already hard enough).
>
> I wonder, does dpkg unset these variables when running maintainer scripts?
> That could be a good idea if it doesn't already.
>
> Mike

It does not, at least not specifically. Nor do nearly all shell scripts
in /usr/bin.

And think of what fun that would be to debug for a debconf-using
package. Suddenly debconf gets told some paths and errors out.

Regards,
Goswin