Add an explicit note about bug #239560 in the relevant code.

author Zac Medico <zmedico@gentoo.org>

Sun, 12 Oct 2008 21:01:12 +0000 (21:01 -0000)

committer Zac Medico <zmedico@gentoo.org>

Sun, 12 Oct 2008 21:01:12 +0000 (21:01 -0000)
author Zac Medico <zmedico@gentoo.org>
Sun, 12 Oct 2008 21:01:12 +0000 (21:01 -0000)
committer Zac Medico <zmedico@gentoo.org>
Sun, 12 Oct 2008 21:01:12 +0000 (21:01 -0000)
diff --git a/bin/ebuild.sh b/bin/ebuild.sh

index 92b635c3ab516c9b5ed1ea16af8d0731c0805c7d..35b940bfb7c0778554f72fed3e5c4624d9dcc50a 100755 (executable)
--- a/bin/ebuild.sh
+++ b/bin/ebuild.sh
@@ -272,7 +272,9 @@ register_die_hook() {
         export EBUILD_DEATH_HOOKS="${EBUILD_DEATH_HOOKS} $*"
  }
  
-# Ensure that $PWD is sane whenever possible.
+# Ensure that $PWD is sane whenever possible, to protect against
+# exploitation of insecure search path for python -c in ebuilds.
+# See bug #239560.
  if ! hasq "$EBUILD_PHASE" clean depend help ; then
         cd "$PORTAGE_BUILDDIR" || \
                 die "PORTAGE_BUILDDIR does not exist: '$PORTAGE_BUILDDIR'"
author	Zac Medico <zmedico@gentoo.org>
	Sun, 12 Oct 2008 21:01:12 +0000 (21:01 -0000)
committer	Zac Medico <zmedico@gentoo.org>
	Sun, 12 Oct 2008 21:01:12 +0000 (21:01 -0000)