FAQ Search Today's Posts Mark Forums Read
» Video Reviews

» Linux Archive

Linux-archive is a website aiming to archive linux email lists and to make them easily accessible for linux users/developers.


» Sponsor

» Partners

» Sponsor

Go Back   Linux Archive > ArchLinux > ArchLinux Development

 
 
LinkBack Thread Tools
 
Old 11-06-2009, 04:53 AM
Eric Bélanger
 
Default makechrootpkg: Use the host's SRCDEST and PKGDEST if they are defined

On Thu, Nov 5, 2009 at 2:15 PM, Rogutės Sparnuotos
<rogutes@googlemail.com> wrote:
> Daenyth Blank (2009-11-05 13:07):
>> On Thu, Nov 5, 2009 at 13:03, Aaron Griffin <aaronmgriffin@gmail.com> wrote:
>> > I was thinking more along the lines of:
>> >
>> > Original: eval $(grep '^SRCDEST=' /etc/makepkg.conf)
>> >
>> > SRCDEST=$(grep '^SRCDEST=' /etc/makepkg.conf | cut -d= -f2)
>> > PKGDEST=$(grep '^PKGDEST=' /etc/makepkg.conf | cut -d= -f2)
>> >
>>
>> I believe that should work... Make sure to throw in a -d -w check
>> after, to make sure it's right... I think a malicious line (".. && rm
>> -rf /") would simply get stored as a string.. as long as we quote
>> everything properly and unset it if it's not right, I'm pretty sure
>> it's not dangerous. It could however, fail in cases where it's split
>> over multiple lines. I don't think that's a reason not to do it
>> though, I can't imagine a reason for such a thing.
>
> This wouldn't work for
> SRCDEST="/path/to/dir"
> SRCDEST='/path/to/dir'
>
> But sed should be able to do it:
> SRCDEST=$(sed -nr "/^SRCDEST=/{s/[^=]+=(['"]?)(.+)1/2/p}" /etc/makepkg.conf)
>
> --
> -- *Rogutės Sparnuotos
>

Let me know when you guys agree on a better (safer) way to implement
this. I'll then sent a corrected patch.
 
Old 11-06-2009, 04:53 AM
Eric Bélanger
 
Default makechrootpkg: Use the host's SRCDEST and PKGDEST if they are defined

On Thu, Nov 5, 2009 at 2:15 PM, Rogutės Sparnuotos
<rogutes@googlemail.com> wrote:
> Daenyth Blank (2009-11-05 13:07):
>> On Thu, Nov 5, 2009 at 13:03, Aaron Griffin <aaronmgriffin@gmail.com> wrote:
>> > I was thinking more along the lines of:
>> >
>> > Original: eval $(grep '^SRCDEST=' /etc/makepkg.conf)
>> >
>> > SRCDEST=$(grep '^SRCDEST=' /etc/makepkg.conf | cut -d= -f2)
>> > PKGDEST=$(grep '^PKGDEST=' /etc/makepkg.conf | cut -d= -f2)
>> >
>>
>> I believe that should work... Make sure to throw in a -d -w check
>> after, to make sure it's right... I think a malicious line (".. && rm
>> -rf /") would simply get stored as a string.. as long as we quote
>> everything properly and unset it if it's not right, I'm pretty sure
>> it's not dangerous. It could however, fail in cases where it's split
>> over multiple lines. I don't think that's a reason not to do it
>> though, I can't imagine a reason for such a thing.
>
> This wouldn't work for
> SRCDEST="/path/to/dir"
> SRCDEST='/path/to/dir'
>
> But sed should be able to do it:
> SRCDEST=$(sed -nr "/^SRCDEST=/{s/[^=]+=(['"]?)(.+)1/2/p}" /etc/makepkg.conf)
>
> --
> -- *Rogutės Sparnuotos
>

Let me know when you guys agree on a better (safer) way to implement
this. I'll then sent a corrected patch.
 

Thread Tools




All times are GMT. The time now is 09:48 AM.

VBulletin, Copyright ©2000 - 2014, Jelsoft Enterprises Ltd.
Content Relevant URLs by vBSEO ©2007, Crawlability, Inc.
Copyright 2007 - 2008, www.linux-archive.org