https://bugzilla.redhat.com/show_bug.cgi?id=1421041



--- Comment #5 from sensor....@gmail.com ---
I think the full path is important. The $PATH environment variable is easy to
change. It's not safe. For example:

$ vi test.spec
....
%post
python3 -c 'print("Hello")'
...

$ vi /usr/local/bin/python3
#!/bin/bash
echo "bad things."
/bin/python3 $@

# rpm -ivh -D"_install_script_path /usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin" test-0.1-1.fc25.x86_64.rpm
 1:test-0.1-1.fc25                  ################################# [100%]
bad things.
Hello
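
An added example, not part of the original comment and not rpm's own code: a check that reports when a bare command name, as used in the %post scriptlet above, would resolve to a file outside the trusted system directories under a given scriptlet search path. The function names and the TRUSTED_DIRS list are assumptions, and the demo layout is constructed in a temporary directory.

```python
import os
import tempfile

# Assumption: directories treated as trusted system locations.
TRUSTED_DIRS = ("/sbin", "/bin", "/usr/sbin", "/usr/bin")


def candidates(cmd, path):
    """Every executable named cmd along a PATH-style string, in search order."""
    hits = []
    for d in path.split(":"):
        full = os.path.join(d or ".", cmd)  # an empty PATH entry means the cwd
        if os.path.isfile(full) and os.access(full, os.X_OK):
            hits.append(full)
    return hits


def check_shadowing(cmd, path, trusted=TRUSTED_DIRS):
    """Return (status, resolved_path) for a bare command name under path.

    status: 'ok'        the first hit is in a trusted directory
            'shadowed'  an untrusted hit precedes a trusted one
            'untrusted' only untrusted hits exist
            'missing'   no hit at all
    """
    real_trusted = {os.path.realpath(t) for t in trusted}
    hits = candidates(cmd, path)
    if not hits:
        return ("missing", None)
    in_trusted = [os.path.realpath(os.path.dirname(h)) in real_trusted for h in hits]
    if in_trusted[0]:
        return ("ok", hits[0])
    return ("shadowed" if any(in_trusted) else "untrusted", hits[0])


def demo():
    """Constructed layout: a wrapper directory searched before the real one."""
    root = tempfile.mkdtemp()
    local, system = os.path.join(root, "local"), os.path.join(root, "bin")
    for d in (local, system):
        os.mkdir(d)
        exe = os.path.join(d, "python3")
        with open(exe, "w") as fh:
            fh.write("#!/bin/sh\n")
        os.chmod(exe, 0o755)
    return (check_shadowing("python3", local + ":" + system, trusted=(system,)),
            check_shadowing("python3", system + ":" + local, trusted=(system,)))
```

Running check_shadowing for each bare command in a spec's scriptlets, with the value of _install_script_path as the search path, shows which ones depend on search order.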
