[buildd-tools-devel] Bug#836175: Bug#836175: libsbuild-perl: Do not use single quotes in embedded perl script
Samuel Thibault
sthibault at debian.org
Wed Aug 31 17:20:54 UTC 2016
Hello,
Johannes Schauer, on Wed 31 Aug 2016 19:11:38 +0200, wrote:
> > Do you get to see the "Stripped single quote from command for security:"
> > message at least?
>
> nope:
Ok.
> I also wonder what this single quote stripping is supposed to achieve in the
> first place. How does it enhance security? I think it was first introduced by
> Roger Leigh in commit ec49ae9cc6669b9a60d04b0a9186181b93748153 for
> lib/Sbuild/Chroot.pm.
I don't know.
> Additionally, current sbuild only seem to have this message in
> lib/Sbuild/ChrootPlain.pm and lib/Sbuild/ChrootSudo.pm. Are you not using
> schroot for your chroots?
I'm not sure what you exactly mean. AIUI I'm using plain directory
chroots with a mere sudo chroot into it, nothing fancy like schroot
sessions, snapshots, fresh tarball etc. I just use sbuild to launch it.
Samuel
More information about the Buildd-tools-devel
mailing list