From 3dbbd51b9ac031d9e5471b0bd534195e6194e463 Mon Sep 17 00:00:00 2001 From: joey Date: Sun, 18 Feb 2007 18:12:46 +0000 Subject: response --- doc/patchqueue/lib-fixup.mdwn | 13 ++++++++++++- 1 file changed, 12 insertions(+), 1 deletion(-) diff --git a/doc/patchqueue/lib-fixup.mdwn b/doc/patchqueue/lib-fixup.mdwn index 0739c2115..479f3a5a2 100644 --- a/doc/patchqueue/lib-fixup.mdwn +++ b/doc/patchqueue/lib-fixup.mdwn @@ -2,6 +2,17 @@ I'm using Ikiwiki on a box where I don't have root access, so I install all of m I imagine that there's a clean and elegant solution to this, but the hack I'm currently using is to have `./make` alter `ikiwki.in` before it's run, by inserting `use lib ...` lines for each of the directories in `$ENV{PERL5LIB}`. Again, this is clearly ugly, but it allows me to run `./make`, so I'm submitting it FWIW. +> I don't like this patch because it's not expected that an environment +> variable will stick around outside the shell that it's set in. It could +> lead to suprising behavior if PERL5LIB happened to be set during build, +> and it's even possible for it to lead to security issues, imagine if I +> accidentially built the debian package of ikiwiki with PERL5LIB set -- +> then it would be hardcoded to look in /home/joey for libraries, which +> someone with a "joey" account elsewhere could use to exploit it. +> +> You could remove the taint switch locally, it's very unlikely to find +> tainting problems that nobody else has noticed. --[[Joey]] +
 
 Index: Makefile.PL
 ===================================================================
@@ -35,4 +46,4 @@ ___________________________________________________________________
 Name: svn:executable
    + *
 
-
\ No newline at end of file + -- cgit v1.2.3