the new controlchan (+gpgverify)

greg andruk supersede at india.com
Thu Feb 8 06:39:59 UTC 2001


In nnfolder+Mail:inn-workers, Russ Allbery <rra at stanford.edu> wrote:

> innshellvars actually already sets PATH; it just does it as the last thing
> it does.  So if we moved that in front of the magic eval stuff, that
> should work.

Now you're really opening up a can of worms =)

That statement adds to the existing path, so there is still the
tainting problem.  Also, the path additions are built from the results
of the eval.

I suppose the original path could be laundered in the same skanky way
as the eval, but now we're really working against the point of taint
checking.

To get the eval done, a dummy path could be set at the start, then the
augmented version set at the end as now.

This might be a good time to mention that annoyances like this are why
I only used the -T for local testing.
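
The PATH behaviour discussed in this message, as an added Perl example (not part of the original post and not INN's innshellvars code). The `NEWSBIN` setting and the `echo` command are constructed stand-ins for whatever the eval produces.

```perl
#!/usr/bin/perl -T
# Added illustration, not INN's innshellvars.pl. The NEWSBIN value and the
# echo command are constructed stand-ins for settings produced by the eval.
use strict;
use warnings;
use Scalar::Util qw(tainted);

# Shell out with a literal command; return its output or the taint error.
sub settings {
    my $out = eval { `/bin/sh -c 'echo NEWSBIN=/usr/local/news/bin'` };
    return defined $out ? $out : "blocked: $@";
}

# Print a label, whether PATH is currently tainted, and the result text.
sub show {
    printf "%-26s PATH tainted=%d  %s",
        $_[0], (tainted($ENV{PATH}) ? 1 : 0), $_[1];
}

# Perl also refuses to shell out while these are inherited from the caller.
delete @ENV{qw(IFS CDPATH ENV BASH_ENV)};

# 1. Inherited PATH is tainted, so the shell-out is refused even though the
#    command itself is given with an absolute path.
show('inherited PATH:', settings());

# 2. Dummy PATH built from a literal is clean, so the shell-out runs.
$ENV{PATH} = '/bin:/usr/bin';
my $clean = $ENV{PATH};
my $out   = settings();
show('dummy PATH:', $out);

# 3. Command output is tainted. split (unlike a regex capture) keeps the
#    taint, so a PATH augmented with the raw setting is tainted again.
chomp(my $line = $out);
my $bin = (split /=/, $line, 2)[1];
$ENV{PATH} = "$bin:$clean";
show('PATH + raw setting:', settings());
$ENV{PATH} = $clean;

# 4. Validate the setting against a strict pattern; only the capture is
#    clean, so the augmented PATH stays usable.
if ($bin =~ m{\A((?:/[A-Za-z0-9._-]+)+)\z}) {
    $ENV{PATH} = "$1:$clean";
    show('PATH + validated setting:', settings());
}
```

Run it as `perl -T file.pl`; Perl requires `-T` on the command line when it is also on the `#!` line.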

