Open DavHau opened 4 years ago
nmattia
commented
4 years ago That is correct, I somewhat consider running shellHooks to be a security issue. The rest of the build is sandboxed (if you have sandboxed enabled) whereas the shellHook would just run as your user, in your shell, with access to your entire filesystem. I'm not sure what to do there.
DavHau
commented
4 years ago AFAIK both direnv and lorri support executing shellHooks.
I think it's not a major security issue, since direnv allow protects you from executing untrusted code.
Maybe @zimbatm has a better answer to this?
zimbatm
commented
4 years ago If sorri doesn't support the shellHook feature, it will not be a drop-in replacement to nix-shell. Using the shellHook to extend environment variables is quite common I think.
exporting variables via shellHook of mkShell doesn't seem to have any effect