Bug#577210: tries to write FASL in wrong directory
Faré
fahree at gmail.com
Tue Apr 13 22:28:29 UTC 2010
Severity: critical
now that I look at it again,
1- if we don't fix this bug, C-L-C is unusable to whomever doesn't
configure asdf-output-translations himself.
2- C-L-C needs to (asdf:clear-output-translations) and
(asdf:clear-source-registry) right before it dumps images, for all
implementations.
3- This is NOT ENOUGH. Actually using /var/cache/$UID without doing
the permission checking, etc., will reopen the security issue with bug
328633.
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=328633
http://www.debian.org/security/2005/dsa-811
4- There is no "good" place in ASDF currently into which to hook such
security checking. Maybe a :before method on perform for compile-op or
load-op on systems. Meh. If you have a good idea for an API for that,
or want to discuss the issue, please send a message to the asdf-devel
mailing-list.
5- Short of including such hook, the "simple" solution is to use
ASDF's builtin per-user cache facility, except maybe for the root
user.
6- CLC needs to update ASDF to latest, anyway.
Sigh. Sorry for the trouble. Getting there.
[ François-René ÐVB Rideau | Reflection&Cybernethics | http://fare.tunes.org ]
Austrian economics is the second law of thermodynamics to every other
economist's perpetual motion machines. — Faré
More information about the pkg-common-lisp-devel
mailing list