Xen project Mailing List

[PATCH 5/7] tools: Use -s for python shebangs

To: Xen-devel <xen-devel@xxxxxxxxxxxxxxxxxxxx>

From: Andrew Cooper <andrew.cooper3@xxxxxxxxxx>

Date: Tue, 14 Mar 2023 14:15:18 +0000

Authentication-results: esa2.hc3370-68.iphmx.com; dkim=none (message not signed) header.i=none

Cc: Andrew Cooper <andrew.cooper3@xxxxxxxxxx>, Wei Liu <wl@xxxxxxx>, "Anthony PERARD" <anthony.perard@xxxxxxxxxx>, Marek Marczykowski-Górecki <marmarek@xxxxxxxxxxxxxxxxxxxxxx>, Bernhard Kaindl <bernhard.kaindl@xxxxxxxxxx>

Delivery-date: Tue, 14 Mar 2023 14:15:49 +0000

Ironport-data: A9a23:Y9OkbK5SZrjyYQxCuhtZawxRtCbHchMFZxGqfqrLsTDasY5as4F+v mcfXT2HM6ncYWL0c4hzbtuz9EgAvJeEyNZiTVBs/ilnHi5G8cbLO4+Ufxz6V8+wwm8vb2o8t plDNYOQRCwQZiWBzvt4GuG59RGQ7YnRGvynTraCYnsrLeNdYH9JoQp5nOIkiZJfj9G8Agec0 fv/uMSaM1K+s9JOGjt8B5mr9VU+7JwehBtC5gZlPasS4AeE/5UoJMl3yZ+ZfiOQrrZ8RoZWd 86bpJml82XQ+QsaC9/Nut4XpWVTH9Y+lSDX4pZnc/DKbipq/0Te4Y5iXBYoUm9Fii3hojxE4 I4lWapc6+seFvakdOw1C3G0GszlVEFM0OevzXOX6aR/w6BaGpdFLjoH4EweZOUlFuhL7W5m5 a0IJRQIbEi6l7i9w7e3RMV2pJw5I5y+VG8fkikIITDxCP8nRdbIQrnQ5M8e1zA17ixMNa+AP YxDM2MpNUmeJUQVYT/7C7pn9AusrlD5fydVtxS+oq0v7nKI5AdwzKLsIJzefdniqcB9xx7A+ DObozulav0cHN6Y6jOb00mUvPaVx3ukY6gyGr+g98c/1TV/wURMUUZLBDNXu8KRmkO4Ht5SN UEQ0i4vtrQpslymSMHnWB+1q2LCuQQTM/JPF8Uq5QfLzbDbiy6cD3IBRyRMa/QnstE3Xj0g0 lKVn9LvCidrubfTQnWYnop4thvrZ3JTdzVbI3ZZE01cuYKLTJwPYgznXodzHYqwjIXMCWv7w DWGogQkpe0Jgptev0mkxmzvjzWpr5nPawc64ATLQ26ohj9EiJ6Zi5+AsgaCs6sZRGqNZhzY5 SVfxZDChAwbJcvV/BFhVtnhC11ACxytFDTHyWBiEJA6n9hG0y7yJNsAiN2SyaoADyrlRdMLS BWO0e+yzMUJVJdPUUOQS9PZNijS5fK8fekJr9iNBja0XrB/dRWc4AZlblOK0mbmnSAEyP9ga cjAK5n2VytDUMyLKQZaoM9MuYLHOwhknT+DLXwF503PPUWiiI69Fu5ebQrmghER56KYugTFm +ti2z+x40wHCoXWO3CHmbP/2HhWdRDX87iq8Z0IHgNCSyI6cFwc5wj5muN5KtU1wvoIxo8lP BiVAydl9bY2vlWfQS3iV5ypQOmHsUpXxZ7jARERAA==

Ironport-hdrordr: A9a23:yLvaFKHSa0ZdgASKpLqENMeALOsnbusQ8zAXPiFKOGdom6mj/P xG88506faZslsssTIb6LS90dC7IE80rKQU3WBzB8bBYOCFghrREGgK1+KLqQEIfReOk9K1vp 0OT0ERMrHN5BdB/KHHCaSDYrAd6cjC2pqBwc3Zy25pTQlsYa0l1QFkEQyWe3cGJzWuQaBJba ah2g==

List-id: Xen developer discussion <xen-devel.lists.xenproject.org>

This is mandated by the Fedora packaging guidelines because it is a security vulnerability otherwise in suid scripts. It's a very good idea generally, because it prevents the users local python environment interfering from system packaged scripts. Signed-off-by: Andrew Cooper <andrew.cooper3@xxxxxxxxxx> --- CC: Wei Liu <wl@xxxxxxx> CC: Anthony PERARD <anthony.perard@xxxxxxxxxx> CC: Marek Marczykowski-Górecki <marmarek@xxxxxxxxxxxxxxxxxxxxxx> CC: Bernhard Kaindl <bernhard.kaindl@xxxxxxxxxx> --- tools/Rules.mk | 2 +- tools/pygrub/Makefile | 2 +- tools/python/Makefile | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/tools/Rules.mk b/tools/Rules.mk index 6e135387bd7e..18cf83f5be83 100644 --- a/tools/Rules.mk +++ b/tools/Rules.mk @@ -179,7 +179,7 @@ CFLAGS += $(CFLAGS-y) CFLAGS += $(EXTRA_CFLAGS_XEN_TOOLS) INSTALL_PYTHON_PROG = \ - $(XEN_ROOT)/tools/python/install-wrap "$(PYTHON_PATH)" $(INSTALL_PROG) + $(XEN_ROOT)/tools/python/install-wrap "$(PYTHON_PATH) -s" $(INSTALL_PROG) %.opic: %.c $(CC) $(CPPFLAGS) -DPIC $(CFLAGS) $(CFLAGS_$*.opic) -fPIC -c -o $@ $< $(APPEND_CFLAGS) diff --git a/tools/pygrub/Makefile b/tools/pygrub/Makefile index 29ad0513212f..04b3995cc0f6 100644 --- a/tools/pygrub/Makefile +++ b/tools/pygrub/Makefile @@ -7,7 +7,7 @@ PY_LDFLAGS = $(SHLIB_LDFLAGS) $(APPEND_LDFLAGS) INSTALL_LOG = build/installed_files.txt setup.py = CC="$(CC)" CFLAGS="$(PY_CFLAGS)" LDSHARED="$(CC)" LDFLAGS="$(PY_LDFLAGS)" \ - $(PYTHON) setup.py + $(PYTHON) setup.py --executable="$(PYTHON_PATH) -s" .PHONY: all all: build diff --git a/tools/python/Makefile b/tools/python/Makefile index cc764236478a..511e7deae409 100644 --- a/tools/python/Makefile +++ b/tools/python/Makefile @@ -12,7 +12,7 @@ setup.py = CC="$(CC)" CFLAGS="$(PY_CFLAGS)" LDSHARED="$(CC)" LDFLAGS="$(PY_LDFLA SHLIB_libxenctrl="$(SHLIB_libxenctrl)" \ SHLIB_libxenguest="$(SHLIB_libxenguest)" \ SHLIB_libxenstore="$(SHLIB_libxenstore)" \ - $(PYTHON) setup.py + $(PYTHON) setup.py --executable="$(PYTHON_PATH) -s" .PHONY: build build: -- 2.30.2

©2013 Xen Project, A Linux Foundation Collaborative Project. All Rights Reserved.
Linux Foundation is a registered trademark of The Linux Foundation.
Xen Project is a trademark of The Linux Foundation.