Re: Don't add . to PATH in Make (issue 563650043 by address@hidden)

lilypond-devel

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Don't add . to PATH in Make (issue 563650043 by address@hidden)

From:	hanwenn
Subject:	Re: Don't add . to PATH in Make (issue 563650043 by address@hidden)
Date:	Wed, 04 Mar 2020 00:07:19 -0800

On 2020/03/04 07:54:46, hanwenn wrote:
> LGTM

Can you update the commit message though? I don't think there is a
security problem here.

Adding . in $PATH is a security problem on multi-user systems. In the
context of the build, you can regard this from two angles:

- you're executing in a known environment (ie. the build or src dir), so
the multi-user concern doesn't hold

- you're executing build commands that were probably downloaded from a
potentially untrusted source, so you're SOL anyway. 

https://codereview.appspot.com/563650043/

[Prev in Thread]

Current Thread

[Next in Thread]

Don't add . to PATH in Make (issue 563650043 by address@hidden), lemzwerg, 2020/03/04
- Re: Don't add . to PATH in Make (issue 563650043 by address@hidden), hanwenn, 2020/03/04
- Re: Don't add . to PATH in Make (issue 563650043 by address@hidden), hanwenn <=

Prev by Date: Re: Don't add . to PATH in Make (issue 563650043 by address@hidden)
Next by Date: Re: 2.21.0 release plans and considerations
Previous by thread: Re: Don't add . to PATH in Make (issue 563650043 by address@hidden)
Next by thread: GUB for LilyPond 2.21
Index(es):
- Date
- Thread