From 3308efd69be3bcbfde53f65def1a0575ed498449 Mon Sep 17 00:00:00 2001
From: Zac Medico <zmedico@gentoo.org>
Date: Sun, 12 Oct 2008 21:01:12 +0000
Subject: Add an explicit note about bug #239560 in the relevant code.

svn path=/main/trunk/; revision=11684
---
 bin/ebuild.sh | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

(limited to 'bin')

diff --git a/bin/ebuild.sh b/bin/ebuild.sh
index 92b635c3a..35b940bfb 100755
--- a/bin/ebuild.sh
+++ b/bin/ebuild.sh
@@ -272,7 +272,9 @@ register_die_hook() {
 	export EBUILD_DEATH_HOOKS="${EBUILD_DEATH_HOOKS} $*"
 }
 
-# Ensure that $PWD is sane whenever possible.
+# Ensure that $PWD is sane whenever possible, to protect against
+# exploitation of insecure search path for python -c in ebuilds.
+# See bug #239560.
 if ! hasq "$EBUILD_PHASE" clean depend help ; then
 	cd "$PORTAGE_BUILDDIR" || \
 		die "PORTAGE_BUILDDIR does not exist: '$PORTAGE_BUILDDIR'"
-- 
cgit v1.2.3-1-g7c22