|
|
|
|
|
|
by TheDong
1699 days ago
|
|
|
It is the normal way of the world. Makefiles are arbitrary code execution. 'build.rs' in rust is the same. npm's package.json has an install script. Often this arbitrary code is to do things like run "pkg-config --libs" or such to find dependencies to link against, or generate some files that shouldn't be checked into source code, but rarely does it have sandboxing or other restrictions. Languages, like Go, which don't let a package execute arbitrary code on installation are the exception. |
|
|