On Fri, 3 Mar 2006, José Matos wrote:
On 03/03/06, José Matos <[EMAIL PROTECTED]> wrote:
Hi,
in Fedora Extras we build R packages to a temporary directory. The
relevant section in
the spec file is this:
%build
cd ..; R CMD INSTALL %{packname} -l %{buildroot}%{_libdir}/R/library
It works. :-)
We noticed one problem though (I will assume working on ix86 here) the
temporary build path is saved in
/usr/lib/R/library/*/Meta/hsearch.rds, i.e. for each package.
Searching a little bit more I see that Peter Daalgard came to the
same conclusion one month ago:
https://stat.ethz.ch/pipermail/r-help/2006-February/086069.html
Yes, and his conclusion holds as well.
Please explain what the problem is. The first element of the object saved
in hsearch.rds is a data frame with a column LibPath. This is not used
by help.search() after installation.
To see this is enough to run strings over these file.
Is this a security concern?
Why should there be any security issues about a non-existent path?
Does R uses this path in any way?
Peter was referring to packages installed with R. If they were used, no
binary installation of R would work, so I presume they are not used.
In case the answer is yes, it is safe to run sed over this file and do
a textual replacement?
Not safe: the string lengths are encoded in the file.
Thanks and best regards,
--
José Matos
--
José Abílio
______________________________________________
R-devel@r-project.org mailing list
https://stat.ethz.ch/mailman/listinfo/r-devel
--
Brian D. Ripley, [EMAIL PROTECTED]
Professor of Applied Statistics, http://www.stats.ox.ac.uk/~ripley/
University of Oxford, Tel: +44 1865 272861 (self)
1 South Parks Road, +44 1865 272866 (PA)
Oxford OX1 3TG, UK Fax: +44 1865 272595
______________________________________________
R-devel@r-project.org mailing list
https://stat.ethz.ch/mailman/listinfo/r-devel