Re: [gentoo-portage-dev] [PATCH] ebuild.sh: Completely ban external commands in global scope

2017-09-08 Thread Ulrich Mueller
> On Fri, 8 Sep 2017, Robin H Johnson wrote:
> On Thu, Aug 31, 2017 at 10:45:42PM +0200, Michał Górny wrote:
>> +export PATH=/dev/null
> Minor nitpick: The Single UNIX spec says that PATH is a set of
> prefixes, and that they're treated as directories.
>

Re: [gentoo-portage-dev] [PATCH] ebuild.sh: Completely ban external commands in global scope

2017-09-08 Thread Robin H. Johnson
On Thu, Aug 31, 2017 at 10:45:42PM +0200, Michał Górny wrote:
> + export PATH=/dev/null
Minor nitpick: The Single UNIX spec says that PATH is a set of prefixes, and that they're treated as directories.
http://pubs.opengroup.org/onlinepubs/7908799/xbd/envvar.html
I think it might be good to

Re: [gentoo-portage-dev] [PATCH] ebuild.sh: Completely ban external commands in global scope

2017-09-08 Thread Alec Warner
Must be old age setting in :(
Thanks,
-A
On Fri, Sep 8, 2017 at 2:54 PM, Michał Górny wrote:
> On Fri, 08.09.2017 at 14:48 -0400, Alec Warner wrote:
> > Why PATH=/dev/null vs export PATH=""
> > + # note: we can't use empty because it implies

Re: [gentoo-portage-dev] [PATCH] ebuild.sh: Completely ban external commands in global scope

2017-09-08 Thread Michał Górny
On Fri, 08.09.2017 at 14:48 -0400, Alec Warner wrote:
> Why PATH=/dev/null vs export PATH=""
+ # note: we can't use empty because it implies current directory
> > On Thu, Sep 7, 2017 at 3:36 AM, Michał Górny wrote:
> > > On 31 August 2017

Re: [gentoo-portage-dev] [PATCH] ebuild.sh: Completely ban external commands in global scope

2017-09-07 Thread Michał Górny
On 31 August 2017 22:45:42 CEST, "Michał Górny" wrote:
>Set PATH to /dev/null when sourcing the ebuild for dependency
>resolution
>in order to prevent shell from finding external commands via PATH
>lookup. While this does not prevent executing programs via full path,

[gentoo-portage-dev] [PATCH] ebuild.sh: Completely ban external commands in global scope

2017-08-31 Thread Michał Górny
Set PATH to /dev/null when sourcing the ebuild for dependency resolution in order to prevent shell from finding external commands via PATH lookup. While this does not prevent executing programs via full path, it should catch the majority of accidental uses. Closes: