GNU bug report logs - #47539
[PATCH 00/28] Add gh and dependencies


Package: guix-patches;

Reported by: Xinglu Chen <public <at> yoctocell.xyz>

Date: Thu, 1 Apr 2021 07:52:02 UTC

Severity: normal

Tags: patch

Done: Sharlatan Hellseher <sharlatanus <at> gmail.com>

Bug is archived. No further changes may be made.



Message #107 received at 47539 <at> debbugs.gnu.org (full text, mbox):

From: Jack Hill <jackhill <at> jackhill.us>
To: Leo Prikler <leo.prikler <at> student.tugraz.at>
Cc: 47539 <at> debbugs.gnu.org, Xinglu Chen <public <at> yoctocell.xyz>
Subject: Re: [bug#47539] [PATCH 00/28] Add gh and dependencies
Date: Thu, 1 Apr 2021 13:21:50 -0400 (EDT)

On Thu, 1 Apr 2021, Leo Prikler wrote:

> After doing some quick investigations myself, I think the following
> pair of substitute*s might work:
>  (("github.com/cli/safeexec") "os/exec")
>  (("safeexec") "exec")

I happened to be reading the Go blog post about command path security [0]. 
I haven't looked at it very closely, but I'm hopeful that future gh 
versions may be able to get safeexec-like behavior from the Go standard 
library.

[0] https://blog.golang.org/path-security

Best,
Jack




This bug report was last modified 99 days ago.
