bug-gnulib

use of AC_TRY_EVAL broken


From: Eric Blake
Subject: use of AC_TRY_EVAL broken
Date: Thu, 23 Oct 2008 06:30:50 -0600
User-agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1.17) Gecko/20080914 Thunderbird/2.0.0.17 Mnenhy/0.7.5.666


The following gnulib files use an undocumented autoconf macro AC_TRY_EVAL,
which is buggy because it does not protect against shell glob expansion
and could end up invoking arbitrary commands according to the contents of
the current directory.  We need to switch these over to using documented
commands, particularly since I'm thinking of removing AC_TRY_EVAL from the
next version of autoconf because of its security risks.

locale-fr.m4
locale-tr.m4
locale-zh.m4
printf.m4

--
Don't work too hard, make some time for fun as well!

Eric Blake             address@hidden
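
Added example, not part of the original message and not autoconf or gnulib code: a small sh illustration of the hazard the message describes, assuming it arises from a command variable being expanded unquoted before it reaches eval. The function names, the sample command and the file name are constructed for this illustration.

```shell
#!/bin/sh
# Added illustration (constructed; not autoconf's macro source).
# Shows that `eval $var` depends on the files in the current directory,
# while `eval "$var"` evaluates the command text exactly as written.

# Unquoted: $2 is field-split and glob-expanded BEFORE eval parses it.
# Quote characters that come from the expansion are ordinary characters
# at that stage, so they do not protect a `*` next to them.
run_unquoted() {
    (cd "$1" && eval $2)
}

# Quoted: eval receives the string unchanged; quoting inside it still works.
run_quoted() {
    (cd "$1" && eval "$2")
}

# Constructed command: the author intends to print a literal asterisk.
CMD='echo "*"'

demo() {
    empty=$(mktemp -d) || return 1
    seeded=$(mktemp -d) || return 1
    # A file whose name starts and ends with a double quote matches the
    # word "*" once it is treated as a glob pattern.
    : > "$seeded/\"hello\""

    echo "empty dir,  unquoted: $(run_unquoted "$empty" "$CMD")"
    echo "seeded dir, unquoted: $(run_unquoted "$seeded" "$CMD")"
    echo "seeded dir, quoted:   $(run_quoted "$seeded" "$CMD")"

    rm -rf "$empty" "$seeded"
}

demo
```

In the seeded directory the unquoted form evaluates text taken from a file name instead of the command that was written, which is the directory-dependent behaviour the message warns about; the quoted form gives the same result in both directories.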
