somewhat OT: configure and mterm was Re: Vintage terminals
Gordon JC Pearce
gordon at gjcp.net
Sat Mar 10 07:55:15 CST 2007
der Mouse wrote:
> The thing is, configure is an excellent place to hide a malicious
> grappling hook: it is frequently run by naïve installers, not
> uncommonly as root; by the nature of what it does, it is hard to
> sandbox (for example, it *must* be able to compile and run new
> programs); it is large and comparatively difficult to read over for
> human verification.
Well, if you're such a paranoid freak about it, only compile in a
virtual machine. Or, roll your own Makefiles from scratch. Or read
through configure.in and generate your own configure script. Or all three.
Gordon
More information about the cctalk
mailing list