[Lazarus] why "error expanding embedded variable" ?

davy zhang davyzhang at gmail.com
Sat Aug 30 09:36:01 CEST 2008


On Friday 29-08-2008 at 15:53 [timezone +0200], Mattias Gaertner wrote:
> On Fri, 29 Aug 2008 14:55:00 +0200
> Joost van der Sluis <joost at cnoc.nl> wrote:
> 
> > Hi all,
> > 
> > As the packager of Lazarus in Fedora, I get notifications if someone
> > files a bug in Fedora's bug-tracker. 
> > 
> > Now someone added a bug-report with a security issue:
> > https://bugzilla.redhat.com/show_bug.cgi?id=460642
> > 
> > And indeed, if someone adds a symlink like 'ln -s /tmp/fpc_patchdir /etc'
> > and thereafter someone with root-permissions runs the
> > check_fpc_dependencies.sh script with the following code in it he won't
> > be happy:
> > 
> > TmpDir=/tmp/fpc_patchdir
> > if [ "$WithTempDir" = "yes" ]; then
> >   if [ -d $TmpDir ]; then
> >     rm -rf $TmpDir/*
> >     rm -r $TmpDir
> >   fi
> > 
> > How can we fix this?
> 
> I replaced it with
>   rm -rf $TmpDir

Read the link, this was only one example, but there are more. And your
solution works for the hack in my example, but I doubt it is entirely
safe.

Joost.
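
A hardened form of the temp-directory handling quoted above, as an added example that is not part of the original thread or of check_fpc_dependencies.sh. The function names make_private_tmpdir and remove_private_tmpdir are hypothetical, and the sketch assumes a mktemp that supports -d with a template.

```shell
#!/bin/sh
# Added example, not code from the Lazarus scripts.
# Replaces the fixed, predictable TmpDir=/tmp/fpc_patchdir.

# Create a fresh work directory with an unpredictable name and mode 0700.
# mktemp -d fails if the name already exists, so a directory or symlink
# planted in advance by another user is never adopted.
make_private_tmpdir() {
  base=${TMPDIR:-/tmp}
  mktemp -d "$base/fpc_patchdir.XXXXXXXXXX"
}

# Remove a work directory only if it is a real directory (not a symlink)
# owned by the calling user. Returns 1 and deletes nothing otherwise.
remove_private_tmpdir() {
  dir=$1
  if [ -z "$dir" ]; then return 1; fi   # an empty variable must never reach rm
  if [ -L "$dir" ]; then return 1; fi   # refuse symlinks outright
  if [ ! -d "$dir" ]; then return 1; fi
  if [ ! -O "$dir" ]; then return 1; fi # must belong to the effective UID
  # Quoted, no glob, no trailing slash: rm acts on this entry only.
  # The sticky bit on /tmp stops other users renaming or replacing it.
  rm -rf -- "$dir"
}

# Usage in place of the quoted lines:
TmpDir=$(make_private_tmpdir) || exit 1
trap 'remove_private_tmpdir "$TmpDir"' EXIT
```
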



