GNU bug report logs - #30683
[PATCH] build: add a configure flag to force --sandbox


Package: sed

Reported by: Mike Frysinger <vapier <at> gentoo.org>

Date: Fri, 2 Mar 2018 22:29:01 UTC

Severity: normal

Tags: notabug, patch

Done: Assaf Gordon <assafgordon <at> gmail.com>

Bug is archived. No further changes may be made.


Message #24 received at 30683 <at> debbugs.gnu.org:

From: Jim Meyering <jim <at> meyering.net>
To: Assaf Gordon <assafgordon <at> gmail.com>
Cc: Mike Frysinger <vapier <at> gentoo.org>, 30683 <at> debbugs.gnu.org,
 Eric Blake <eblake <at> redhat.com>
Subject: Re: bug#30683: [PATCH] build: add a configure flag to force --sandbox
Date: Fri, 2 Mar 2018 17:34:18 -0800

On Fri, Mar 2, 2018 at 3:44 PM, Assaf Gordon <assafgordon <at> gmail.com> wrote:
> Hello Eric, Mike,
>
> (replying to both recent messages)
>
> On Fri, Mar 02, 2018 at 05:20:07PM -0600, Eric Blake wrote:
>> On 03/02/2018 05:07 PM, Assaf Gordon wrote:
>>
>> >Adding such "--enable" options to "./configure" goes against the gnu coding standards,
>>
>> Would a different spelling, such as '--with-forced-sandbox-default=on/off'
>> be better?
>
> On Fri, Mar 2, 2018 at 4:27 PM, Mike Frysinger <vapier <at> gentoo.org> wrote:
>> [...] so if you tell me what name you
>> want, i'll happily adjust the patch/code.
>
> I generally do not object to this feature (regardless of the name).
>
> However when I previously suggested something similar for coreutils [1]
> (a ./configure flag to change the default 'ls' quoting style),
> it was explained that such things should be avoided [2].
>
> [1] https://lists.gnu.org/archive/html/bug-coreutils/2016-02/msg00057.html
> [2] https://lists.gnu.org/archive/html/bug-coreutils/2016-02/msg00058.html
>
> Perhaps there's no issue in adding it to sed - in which case I'm happy to commit it.
>
> Jim - what do you think?

Hi Assaf,

I think you made the right call by declining this change. The trouble
with any such configure-time option is that then any script that
requires a legitimate use of those sed commands would fail.

Mike, it sounds like you want an environment in which every sed use
would resolve to a specially-built sed binary. Given that you can do
that, can't you interpose a wrapper that invokes the real sed with
--sandbox?
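
The wrapper approach suggested in the message above, sketched as an added example (it is not part of the thread or of sed itself). It assumes the sed found on PATH is GNU sed with --sandbox support; the function names and the wrapper directory are hypothetical.

```shell
#!/bin/sh
# Added example: force --sandbox for one environment by interposing a
# wrapper on PATH, leaving the system sed and its callers untouched.
# Assumption: the real sed is GNU sed and accepts --sandbox.

# make_sed_wrapper DIR
# Write DIR/sed, a wrapper that execs the real sed with --sandbox.
make_sed_wrapper() {
    dir=$1
    # Resolve the real binary before DIR goes on PATH, so the wrapper
    # can never resolve to itself and recurse.
    real_sed=$(command -v sed) || return 1
    mkdir -p "$dir" || return 1
    cat > "$dir/sed" <<EOF
#!/bin/sh
exec "$real_sed" --sandbox "\$@"
EOF
    chmod 755 "$dir/sed"
}

# wrapped_sed_blocks_write DIR
# Succeeds if a script using the 'w' command is rejected when sed is
# resolved through DIR, and the target file is never created.
wrapped_sed_blocks_write() {
    dir=$1
    target="$dir/written-by-sed"   # constructed path, inside DIR only
    rm -f "$target"
    if (PATH="$dir:$PATH"; export PATH
        printf 'constructed input\n' | sed "w $target") >/dev/null 2>&1
    then
        return 1                   # sed accepted 'w': not sandboxed
    fi
    [ ! -e "$target" ]
}

# wrapped_sed_edit DIR SCRIPT
# Run SCRIPT over stdin through the wrapper; ordinary editing commands
# still work because --sandbox only rejects the e, r and w commands.
wrapped_sed_edit() {
    (PATH="$1:$PATH"; export PATH; sed "$2")
}
```

Only processes whose PATH lists the wrapper directory first get the sandboxed behaviour; a script that calls sed by absolute path bypasses it.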




This bug report was last modified 7 years and 173 days ago.
