Subject: Re: Option to make cpp(1) not accept named pipes or devices as
To: None <tech-toolchain@netbsd.org>
From: Christos Zoulas <christos@zoulas.com>
List: tech-toolchain
Date: 11/29/2004 23:10:42
In article <Pine.NEB.4.60.0411291756480.3140@himring.draga.com>,
Jim Wise <jwise@draga.com> wrote:
>-----BEGIN PGP SIGNED MESSAGE-----
>Hash: SHA1
>
>On Mon, 29 Nov 2004, Christos Zoulas wrote:
>
>>| This is true -- on the other hand, in the case of a binary (such as 
>>| calendar) compiled to use a new flag, the user will know that the 
>>| requested behavior was not provided, but will be unable to get the 
>>| binary to work, short of recompiling or of writing a wrapper script for 
>>| cpp which strips off the offending argument.
>>| 
>>| Not sure which is a more compelling argument...
>>
>>It is a security issue here. I -personally - rather have it not run, than talk to a
>>named pipe.
>
>Seems reasonable.  I'll place a note in calendar(1), and perhaps in 
>/etc/defaults/daily.conf warning about the dangers of using a 
>replacement cpp(1) here, and will look into adding a command line flag 
>- -- in addition to the environment variable, as users of binaries 
>compiled before the command line option became available should still 
>have an option.
>
>For the time being, I will probably commit the environment variable as 
>is, and then look to adding the command-line support, as adding a 
>command-line tool to any of the gcc frontends is... relatively involved. 
>(And as doing so certainly leaves us no _worse_ off than we are now!)

Sounds good to me. Thanks for fixing this after how many years? :-)

christos