| 1 |
On Tue, Aug 22, 2017 at 01:22:51PM -0400, Michael Orlitzky wrote: |
| 2 |
> The net-analyzer/nrpe package has a ./configure flag: |
| 3 |
> |
| 4 |
> --enable-command-args allows clients to specify command arguments. *** |
| 5 |
> THIS IS A SECURITY RISK! *** Read the SECURITY |
| 6 |
> file before using this option! |
| 7 |
> |
| 8 |
> Back in nrpe-2.x, it was available via USE=command-args, but I dropped |
| 9 |
> it from nrpe-3.x, and a user just asked about it (bug 628596). There are |
| 10 |
> at least two things we could do with a dangerous flag like that: |
| 11 |
> |
| 12 |
> 1) require EXTRA_ECONF to enable it. |
| 13 |
> 2) hide it behind a masked USE flag. |
| 14 |
> |
| 15 |
> Both options require about the same amount of work from the user, namely |
| 16 |
> editing something under /etc/portage. What do y'all think is the best |
| 17 |
> way to proceed? Are there other examples in the tree I could follow? |
| 18 |
|
| 19 |
I like the masked USE flag approach. Using EXTRA_ECONF requires a bit more |
| 20 |
work from the user (not much though) but is less visible afterwards in my |
| 21 |
opinion. |
| 22 |
|
| 23 |
Perhaps a name that implies that there is a security risk could be |
| 24 |
interesting, but that's a minor suggestion. |
| 25 |
|
| 26 |
Is there a way we could somehow ensure that a USE flag is never set |
| 27 |
globally, but only on a per-package basis? |
| 28 |
|
| 29 |
Wkr, |
| 30 |
Sven Vermeulen |
Archives