diff options
-rwxr-xr-x | bin/ebuild.sh | 4 |
1 files changed, 3 insertions, 1 deletions
diff --git a/bin/ebuild.sh b/bin/ebuild.sh index 92b635c3a..35b940bfb 100755 --- a/bin/ebuild.sh +++ b/bin/ebuild.sh @@ -272,7 +272,9 @@ register_die_hook() { export EBUILD_DEATH_HOOKS="${EBUILD_DEATH_HOOKS} $*" } -# Ensure that $PWD is sane whenever possible. +# Ensure that $PWD is sane whenever possible, to protect against +# exploitation of insecure search path for python -c in ebuilds. +# See bug #239560. if ! hasq "$EBUILD_PHASE" clean depend help ; then cd "$PORTAGE_BUILDDIR" || \ die "PORTAGE_BUILDDIR does not exist: '$PORTAGE_BUILDDIR'" |