summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorMike Frysinger <vapier@chromium.org>2018-09-17 19:19:15 -0400
committerMike Frysinger <vapier@gentoo.org>2018-09-17 19:23:35 -0400
commite490601874fe785c7632e6571a3a1d8f43404622 (patch)
tree3293daa43f9bfecd5dfb43a533ccc4e2c5a5926d /sys-devel/bc/metadata.xml
parentdev-libs/libressl-2.6.5: ppc64 stable, bug 658158 (diff)
downloadgentoo-e490601874fe785c7632e6571a3a1d8f43404622.tar.gz
gentoo-e490601874fe785c7632e6571a3a1d8f43404622.tar.bz2
gentoo-e490601874fe785c7632e6571a3a1d8f43404622.zip
sys-devel/bc: add support for --sandbox & USE=forced-sandbox
The dc tool has an ! command which allows for arbitrary system() calls which is not ideal for processing arbitrary user scripts. First add support for a --sandbox flag at runtime (like sed/gawk gnu tools), then add a USE=forced-sandbox option so people can lock it down. The patches have been sent to upstream, but considering how slow the bc project tends to move, and their lack of a project site/git repo, going to merge this now and just wait for upstream feedback.
Diffstat (limited to 'sys-devel/bc/metadata.xml')
-rw-r--r--sys-devel/bc/metadata.xml3
1 files changed, 3 insertions, 0 deletions
diff --git a/sys-devel/bc/metadata.xml b/sys-devel/bc/metadata.xml
index 56c12441305..5bdfef6846f 100644
--- a/sys-devel/bc/metadata.xml
+++ b/sys-devel/bc/metadata.xml
@@ -5,4 +5,7 @@
<email>base-system@gentoo.org</email>
<name>Gentoo Base System</name>
</maintainer>
+<use>
+ <flag name="forced-sandbox">Always enable --sandbox mode for simpler/secure runtime (disables the ! command in dc)</flag>
+</use>
</pkgmetadata>