by contras1970
2587 days ago

no, it's just cargocult security.

edit after your reply: if you install in /tmp, you'll end up with /tmp/bin/dstat and /tmp/share/dstat. you're concerned that an attacker could smuggle something into /tmp/share/dstat, but /tmp/bin/dstat is of no worry? what exactly is the threat here?

> access control of `../share` in an unknown part of the filesystem is a matter for some concern. Given that the binary can be put basically anywhere, it would seem to be perilously close to CWD.

another edit since i cannot reply to you: do you have any examples of the "threat model [which] includes that you can't trust every part of the filesystem you're working from"? something concrete, specific. a particular install prefix that would let you create $prefix/bin/dstat but $prefix/share/dstat would be dangerous.

aaand, see my reply at https://news.ycombinator.com/item?id=19989237

EDIT: A sibling points out the issue in more detail - https://news.ycombinator.com/item?id=19989237