Date:      03 Feb 2002 23:38:54 +0000
From:      Paul Richards <paul@freebsd-services.com>
To:        Marcel Moolenaar <marcel@xcllnt.net>
Cc:        arch@FreeBSD.org
Subject:   Re: install(1) to use a cross strip(1)
Message-ID:  <1012779534.18110.0.camel@lobster.originative.co.uk>
In-Reply-To: <20020201231306.A670@dhcp01.pn.xcllnt.net>
References:  <20020201231306.A670@dhcp01.pn.xcllnt.net>

On Sat, 2002-02-02 at 07:13, Marcel Moolenaar wrote:
> Gang,
> 
> As part of doing cross development with our source tree I hit upon
> the nasty habit of install(1) to want to use strip(1) and specifically
> by that name. To make my life easier, I have made install(1) look
> for an envvar first. Is this kind of flexibility generic enough to
> have it committed?
> 
> --- xinstall.c  19 Dec 2001 06:05:42 -0000      1.47
> +++ xinstall.c  27 Jan 2002 08:54:51 -0000
> @@ -702,6 +702,7 @@
>  strip(to_name)
>         const char *to_name;
>  {
> +       char *stripbin;
>         int serrno, status;
>  
>         switch (fork()) {
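
Review bot: the new `char *stripbin;` declaration can be `const char *stripbin;`, because the variable is assigned the string literal "strip" in the next hunk and is only ever passed to execlp(), never written through.
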
> @@ -711,7 +712,10 @@
>                 errno = serrno;
>                 err(EX_TEMPFAIL, "fork");
>         case 0:
> -               execlp("strip", "strip", to_name, (char *)NULL);
> +               stripbin = getenv("STRIPBIN");
> +               if (stripbin == NULL)
> +                       stripbin = "strip";
> +               execlp(stripbin, stripbin, to_name, (char *)NULL);
>                 err(EX_OSERR, "exec(strip)");
>         default:
>                 if (wait(&status) == -1 || status) {
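
Review bot: the child branch accepts `getenv("STRIPBIN")` with only a NULL check, so an empty `STRIPBIN=` is handed to execlp() and fails instead of falling back to "strip"; suggest `if (stripbin == NULL || *stripbin == '\0')`. The unchanged `err(EX_OSERR, "exec(strip)")` right after it still names strip, so a failed override is reported misleadingly; `err(EX_OSERR, "exec(%s)", stripbin)` would show what was actually attempted. The variable also needs documenting in install(1), since nothing in this patch does so and its value decides which program is run on the installed file.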

It strikes me as being too risky from a security perspective.

You'd have to be really sure that there wasn't a trojan generator
masquerading as STRIPBIN.

Paul.

