Closed tangledhelix closed 10 years ago
It makes me a bit nervous to include the "-p" argument to mkdir under all circumstances. I understand why it might be convenient when using DESTDIR, but I worry about any potential security issues it might open up?
What about making this a separate recipe in the Makefile?
I don't see how mkdir -p introduces a security issue, but if you're really uncomfortable with it, using a different target should satisfy packager needs (as long as your README makes note of it so packagers know about it).
Actually, your existing Makefile has a bug: if the system has no /usr/local, such as a stock minimal CentOS install, then the mkdir to create /usr/local/bin will fail. That scenario is exactly what mkdir -p is meant to address.
That's exactly why I'm nervous about -p. It allows creation of arbitrarily deep paths without a robust system to ensure safe permissions and ownership.
I have neither the time nor desire to worry too much about the security details across all OS versions.
I'm not saying this is unsafe. I'm saying that the more complex it gets, the less confident I am that it is completely safe.
Requiring the user to ensure a certain folder exists isn't bad in my mind. Hence the absence of -p.
For your purposes I can understand wanting -p. That's why I am suggesting that they be different recipes.
On Oct 29, 2014, at 10:00 AM, Dan Lowe notifications@github.com wrote:
I don't see how mkdir -p introduces a security issue, but if you're really uncomfortable with it, using a different target should satisfy packager needs (as long as your README makes note of it so packagers know about it).
Actually, your existing Makefile has a bug: if the system has no /usr/local, such as a stock minimal CentOS install, then the mkdir to create /usr/local/bin will fail. That scenario is exactly what mkdir -p is meant to address.
OK... sorry about so many commits on this, I'm apparently out of practice with Git since I use Subversion at work. My attempt to squash somehow made even more commits. In any case, what's currently here as far as the file diff for Makefile will, I think, fit more with what you were thinking?
I made the edits manually to clean up the commit chain. Thanks for submitting this!
This commit adds support for using DESTDIR, which is used by software packagers when building RPMs and other packages. When DESTDIR is set, it is used as a prefix for the install path, but when unset, the software installs to the system path (in this case, /usr/local/bin).
Example usage taken from an RPM spec file:
This is important when packaging because you need to install the output to a contained area in order to build a clean package from it, rather than install onto the system and then attempt to pick the files back out to package them.
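The permissions question raised in this thread, as an added example that is not part of the original discussion or the project's Makefile: `mkdir -p -m MODE` applies MODE only to the last path component, while intermediate directories take their mode from the caller's umask. The function names and the staging layout below are hypothetical; the sketch pins the umask in a subshell and then audits the staged tree for group- or world-writable directories.

```shell
#!/bin/sh
# Added example; make_bindir, mode_of and find_loose_dirs are hypothetical names.

# Print the 10-character mode string of a path, e.g. drwxr-xr-x.
mode_of() {
    ls -ld "$1" | cut -c1-10
}

# Create $DESTDIR$PREFIX/bin with the same mode on every component created.
# The umask is set inside a subshell so the caller's umask is left untouched.
make_bindir() {
    destdir=$1   # staging root; empty for a direct system install
    prefix=$2    # e.g. /usr/local
    (
        umask 022
        mkdir -p "${destdir}${prefix}/bin"
    )
}

# List directories under a tree that are group- or world-writable.
# Empty output means no component was created with loose permissions.
find_loose_dirs() {
    find "$1" -type d \( -perm -020 -o -perm -002 \) -print
}

# Demonstration in a throwaway directory (constructed paths, nothing on the
# real system is touched).
demo_root=$(mktemp -d)

# Naive form under a permissive umask: only the final "bin" gets 0755.
( umask 000; mkdir -p -m 755 "$demo_root/naive/usr/local/bin" )
echo "naive  usr/local     : $(mode_of "$demo_root/naive/usr/local")"
echo "naive  usr/local/bin : $(mode_of "$demo_root/naive/usr/local/bin")"

# Pinned-umask form: every created component is 0755.
make_bindir "$demo_root/stage" /usr/local
echo "pinned usr/local     : $(mode_of "$demo_root/stage/usr/local")"
echo "pinned usr/local/bin : $(mode_of "$demo_root/stage/usr/local/bin")"

echo "loose directories in naive tree:"
find_loose_dirs "$demo_root/naive"

rm -rf "$demo_root"
```

The audit step is also useful on its own against a package staging root before the package is built.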