Date: Tue, 2 Jan 2007 15:00:05 -0600
From: Brooks Davis
To: Mike Pritchard
Cc: cvs-src@FreeBSD.org, Yar Tikhiy, src-committers@FreeBSD.org, cvs-all@FreeBSD.org
Subject: Re: cvs commit: src/etc rc.subr
Message-ID: <20070102210005.GA8060@lor.one-eyed-alien.net>
In-Reply-To: <20061231170411.GA53408@mail.mppsystems.com>
References: <200612311107.kBVB7TrP042343@repoman.freebsd.org> <20061231170411.GA53408@mail.mppsystems.com>
List-Id: CVS commit messages for the entire tree

On Sun, Dec 31, 2006 at 11:04:11AM -0600, Mike Pritchard wrote:
> On Sun, Dec 31, 2006 at 11:07:29AM +0000, Yar Tikhiy wrote:
> > yar         2006-12-31 11:07:29 UTC
> >
> >   FreeBSD src repository
> >
> >   Modified files:
> >     etc                  rc.subr
> >   Log:
> >   Allow for /usr/bin/env when parsing the shebang line from an
> >   interpreted $command.  Some "portable" software packages use such a
> >   line to skip the task of figuring out the absolute pathname of the
> >   interpreter at install time, e.g.:
> >
> >   #!/usr/bin/env python
> >
> >   It is insecure, but a popular book on Python seems to have advised
> >   it to a wide audience.  Hence a number of such scripts in the ports,
> >   mostly written in Python.
>
> If it's insecure, then why allow it?  If the ports need a patch to make it
> secure, then they should be patched.
>
> I don't like seeing something from rc.subr with a comment about it
> being less secure....

It's only a security problem in the case of an insecure path.  This isn't
generally the case for rc.d's execution context.  It's only a security
issue if administrators are stupid enough to place untrustworthy
directories such as "." in root's path.

-- Brooks
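The point the thread turns on is that a `#!/usr/bin/env NAME` shebang defers the choice of interpreter to a PATH search at run time, so the directory order of PATH, not the script, decides what gets executed. The POSIX sh below is an added example written for this page; it is not rc.subr's code and not anything posted in the thread. It resolves a script's shebang line the way env(1) would, against an explicit PATH value, and builds a constructed scratch tree (a stand-in `python` under `bin/`, a planted `python` in a writable working directory, and an `app.py` that uses the env form) to show that the same script selects a different interpreter once "." appears early in PATH. The directory layout, file names and the `shebang_interp` / `make_demo_tree` names are all this example's own assumptions.

```shell
#!/bin/sh
# Added example (not rc.subr's own code): resolve the interpreter a script's
# "#!" line would run, handling the "#!/usr/bin/env NAME" form by searching
# a given PATH the way env(1) does, so the PATH dependence is visible.

# shebang_interp SCRIPT PATHVALUE
#   Prints the interpreter that SCRIPT's first line selects when env(1)
#   would search PATHVALUE. Returns 1 if there is no "#!" line or NAME is
#   not found in PATHVALUE.
shebang_interp() {
    _script=$1
    _searchpath=$2
    _line=
    IFS= read -r _line < "$_script" || [ -n "$_line" ] || return 1
    case $_line in
        '#!'*) _line=${_line#"#!"} ;;
        *)     return 1 ;;
    esac
    # Split the shebang into words (interpreter, then optional arguments)
    # with globbing disabled so a stray '*' is not expanded.
    set -f
    set -- $_line
    set +f
    [ $# -ge 1 ] || return 1
    case $1 in
        */bin/env)
            # "#!/usr/bin/env NAME": env looks NAME up in PATH, so the first
            # PATH entry holding an executable NAME decides what runs.
            [ $# -ge 2 ] || return 1
            _name=$2
            case $_name in */*) printf '%s\n' "$_name"; return 0 ;; esac
            _saved_ifs=$IFS
            IFS=:
            for _dir in $_searchpath; do
                # An empty PATH entry means the current directory, like ".".
                [ -n "$_dir" ] || _dir=.
                if [ -f "$_dir/$_name" ] && [ -x "$_dir/$_name" ]; then
                    IFS=$_saved_ifs
                    printf '%s\n' "$_dir/$_name"
                    return 0
                fi
            done
            IFS=$_saved_ifs
            return 1
            ;;
        *)
            # Absolute interpreter: PATH plays no role.
            printf '%s\n' "$1"
            return 0
            ;;
    esac
}

# make_demo_tree
#   Builds a constructed scratch tree (assumed layout, not a real system)
#   and prints its root:
#     ROOT/bin/python   stand-in for the installed interpreter
#     ROOT/cwd/python   attacker-planted file in a writable working directory
#     ROOT/cwd/app.py   script using the env shebang
make_demo_tree() {
    _root=$(mktemp -d) || return 1
    mkdir -p "$_root/bin" "$_root/cwd" || return 1
    printf '#!/bin/sh\necho trusted\n' > "$_root/bin/python"
    printf '#!/bin/sh\necho PLANTED\n' > "$_root/cwd/python"
    chmod 755 "$_root/bin/python" "$_root/cwd/python"
    printf '#!/usr/bin/env python\nprint "hello"\n' > "$_root/cwd/app.py"
    printf '%s\n' "$_root"
}

# Usage: the same script, resolved under a sane PATH and under one that
# puts "." first, as a careless root shell might.
root=$(make_demo_tree)
echo "sane PATH:   $(cd "$root/cwd" && shebang_interp app.py "$root/bin:/usr/bin")"
echo "dot in PATH: $(cd "$root/cwd" && shebang_interp app.py ".:$root/bin:/usr/bin")"
rm -rf "$root"
```

With the sane PATH the env form resolves to the interpreter under `bin/`; with "." in front it resolves to `./python`, the planted file, without any change to the script. A hard-coded `#!/usr/bin/python` style line never consults PATH, which is why the commit message calls the env form insecure and why the reply limits the concern to environments whose PATH already contains untrusted directories.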