Date: Sun, 31 Dec 2006 11:15:39 -0600 From: Mike Pritchard <mpp@mail.mppsystems.com> To: Yar Tikhiy <yar@FreeBSD.org> Cc: cvs-src@FreeBSD.org, src-committers@FreeBSD.org, cvs-all@FreeBSD.org Subject: Re: cvs commit: src/etc rc.subr Message-ID: <20061231171539.GA53686@mail.mppsystems.com> In-Reply-To: <20061231170411.GA53408@mail.mppsystems.com> References: <200612311107.kBVB7TrP042343@repoman.freebsd.org> <20061231170411.GA53408@mail.mppsystems.com>
next in thread | previous in thread | raw e-mail | index | archive | help
On Sun, Dec 31, 2006 at 11:07:29AM +0000, Yar Tikhiy wrote: > yar 2006-12-31 11:07:29 UTC > > FreeBSD src repository > > Modified files: > etc rc.subr > Log: > Allow for /usr/bin/env when parsing the shebang line from an > interpreted $command. Some "portable" sofware packages use such a > line to skip the task of figuring out the absolute pathname of the > interpreter at install time, e.g.: > > #!/usr/bin/env python > > It is insecure, but a popular book on Python seems to have advised > it to a wide audience. Hence a number of such scripts in the ports, > mostly written in Python. If its insecure, than why allow it? If the ports need a patch to make it secure, then they should be patched. I don't like seeing something from rc.subr with a comment about it being less secure.... (sorry if this message is a duplicate... been messing with my postfix settings, and it looked like the first one never made it out) -- Mike Pritchard mpp@FreeBSD.org or mpp@mppsystems.com "If tyranny and oppression come to this land, it will be in the guise of fighting a foreign enemy." - James Madison (1787)
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20061231171539.GA53686>