aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorAvatar David Leverton <levertond@googlemail.com> 2007-11-08 19:53:14 +0000
committerAvatar David Leverton <levertond@googlemail.com> 2007-11-08 19:53:14 +0000
commitfa9fac2fc5edb475aa6802d406cbe8f0782a8e92 (patch)
tree607628a21d74ab5dcb5b453658d0f9a21eac6bd4
parent3550e6b2d54e7cf4f3ead142eb754c2d14d252ea (diff)
downloadpaludis-fa9fac2fc5edb475aa6802d406cbe8f0782a8e92.tar.gz
paludis-fa9fac2fc5edb475aa6802d406cbe8f0782a8e92.tar.xz
Protect more against sandbox clobbering PATH.
-rw-r--r--NEWS2
-rwxr-xr-xpaludis/repositories/e/ebuild/ebuild.bash2
-rw-r--r--paludis/util/system.cc1
3 files changed, 5 insertions, 0 deletions
diff --git a/NEWS b/NEWS
index 67879aa..ea62b04 100644
--- a/NEWS
+++ b/NEWS
@@ -17,6 +17,8 @@ trunk/:
ignore defaults), --show-reasons summary, --show-use-descriptions changed,
--show-package-descriptions new, --dl-downgrade warning
+ * Paludis now protects further against sandbox clobbering the PATH.
+
0.26.0_alpha3:
* STILL BROKEN, wait for 0.26.0 if you use these: CRAN, Ruby bindings for
dep specs.
diff --git a/paludis/repositories/e/ebuild/ebuild.bash b/paludis/repositories/e/ebuild/ebuild.bash
index 1d7c2b5..76a4d24 100755
--- a/paludis/repositories/e/ebuild/ebuild.bash
+++ b/paludis/repositories/e/ebuild/ebuild.bash
@@ -20,6 +20,8 @@
# this program; if not, write to the Free Software Foundation, Inc., 59 Temple
# Place, Suite 330, Boston, MA 02111-1307 USA
+export PATH="${PATH_NOT_CLOBBERED_BY_SANDBOX}"
+
unalias -a
set +C
unset GZIP BZIP BZIP2 CDPATH GREP_OPTIONS GREP_COLOR GLOBIGNORE
diff --git a/paludis/util/system.cc b/paludis/util/system.cc
index c7ab092..0c32f9d 100644
--- a/paludis/util/system.cc
+++ b/paludis/util/system.cc
@@ -307,6 +307,7 @@ paludis::run_command(const Command & cmd)
for (Command::ConstIterator s(cmd.begin_setenvs()), s_end(cmd.end_setenvs()) ; s != s_end ; ++s)
setenv(s->first.c_str(), s->second.c_str(), 1);
+ setenv("PATH_NOT_CLOBBERED_BY_SANDBOX", getenv_with_default("PATH", "").c_str(), 1);
if (-1 != stdout_write_fd)
{