Subject: Re: Option to make cpp(1) not accept named pipes or devices as
To: Christos Zoulas <>
From: Jim Wise <>
List: tech-toolchain
Date: 11/29/2004 18:00:11
Hash: SHA1

On Mon, 29 Nov 2004, Christos Zoulas wrote:

>| This is true -- on the other hand, in the case of a binary (such as 
>| calendar) compiled to use a new flag, the user will know that the 
>| requested behavior was not provided, but will be unable to get the 
>| binary to work, short of recompiling or of writing a wrapper script for 
>| cpp which strips off the offending argument.
>| Not sure which is a more compelling argument...
>It is a security issue here. I -personally - rather have it not run, than talk to a
>named pipe.

Seems reasonable.  I'll place a note in calendar(1), and perhaps in 
/etc/defaults/daily.conf warning about the dangers of using a 
replacement cpp(1) here, and will look into adding a command line flag 
- -- in addition to the environment variable, as users of binaries 
compiled before the command line option became available should still 
have an option.

For the time being, I will probably commit the environment variable as 
is, and then look to adding the command-line support, as adding a 
command-line tool to any of the gcc frontends is... relatively involved. 
(And as doing so certainly leaves us no _worse_ off than we are now!)

- -- 
				Jim Wise
Version: GnuPG v1.2.6 (NetBSD)