Permalink
Browse files

Fix for distcc issue 109 <http://code.google.com/p/distcc/issues/deta…

…il?id=109>:

Apply a patch from Debian that was forwarded upstream by mandyke.
The patch fixes a potential security problem in pump wrapper
(pump.in).  If PYTHONPATH were originally unset or empty, the current working
directory would be added to PYTHONPATH, which is a security risk.
  • Loading branch information...
fergushenderson committed May 3, 2012
1 parent 66d0e7f commit c94b3196d79d917389c63d5f18ae476765f06ea1
Showing with 1 addition and 1 deletion.
  1. +1 −1 pump.in
View
@@ -295,7 +295,7 @@ StartIncludeServer() {
# of one asterisk) without filename expansion.
eval \
"PYTHONOPTIMIZE='$PYTHONOPTIMIZE' " \
"PYTHONPATH='$pythonpath::$PYTHONPATH' " \
"PYTHONPATH='$pythonpath${PYTHONPATH:+:$PYTHONPATH}' " \
"'$PYTHON'" \
"'$include_server'" \
--port "'$socket'" \

0 comments on commit c94b319

Please sign in to comment.