From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from mp0 ([2001:41d0:8:6d80::]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) by ms0.migadu.com with LMTPS id iMphCn8BZmCcFgEAgWs5BA (envelope-from ) for ; Thu, 01 Apr 2021 19:23:11 +0200 Received: from aspmx1.migadu.com ([2001:41d0:8:6d80::]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)) by mp0 with LMTPS id EKtPBH8BZmDhGgAA1q6Kng (envelope-from ) for ; Thu, 01 Apr 2021 17:23:11 +0000 Received: from lists.gnu.org (lists.gnu.org [209.51.188.17]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by aspmx1.migadu.com (Postfix) with ESMTPS id C99272CE8D for ; Thu, 1 Apr 2021 19:23:10 +0200 (CEST) Received: from localhost ([::1]:46780 helo=lists1p.gnu.org) by lists.gnu.org with esmtp (Exim 4.90_1) (envelope-from ) id 1lS12D-0007r2-Sd for larch@yhetil.org; Thu, 01 Apr 2021 13:23:09 -0400 Received: from eggs.gnu.org ([2001:470:142:3::10]:47630) by lists.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.90_1) (envelope-from ) id 1lS126-0007qA-K2 for guix-patches@gnu.org; Thu, 01 Apr 2021 13:23:02 -0400 Received: from debbugs.gnu.org ([209.51.188.43]:46949) by eggs.gnu.org with esmtps (TLS1.2:ECDHE_RSA_AES_128_GCM_SHA256:128) (Exim 4.90_1) (envelope-from ) id 1lS126-00080i-9T for guix-patches@gnu.org; Thu, 01 Apr 2021 13:23:02 -0400 Received: from Debian-debbugs by debbugs.gnu.org with local (Exim 4.84_2) (envelope-from ) id 1lS126-0006QU-5M for guix-patches@gnu.org; Thu, 01 Apr 2021 13:23:02 -0400 X-Loop: help-debbugs@gnu.org Subject: [bug#47539] [PATCH 00/28] Add gh and dependencies Resent-From: Jack Hill Original-Sender: "Debbugs-submit" Resent-CC: guix-patches@gnu.org Resent-Date: Thu, 01 Apr 2021 17:23:02 +0000 Resent-Message-ID: Resent-Sender: help-debbugs@gnu.org X-GNU-PR-Message: followup 47539 X-GNU-PR-Package: guix-patches X-GNU-PR-Keywords: patch To: Leo Prikler Cc: 47539@debbugs.gnu.org, Xinglu Chen Received: via spool by 47539-submit@debbugs.gnu.org id=B47539.161729772524610 (code B ref 47539); Thu, 01 Apr 2021 17:23:02 +0000 Received: (at 47539) by debbugs.gnu.org; 1 Apr 2021 17:22:05 +0000 Received: from localhost ([127.0.0.1]:58495 helo=debbugs.gnu.org) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1lS11B-0006Os-0k for submit@debbugs.gnu.org; Thu, 01 Apr 2021 13:22:05 -0400 Received: from minsky.hcoop.net ([104.248.1.95]:36794) by debbugs.gnu.org with esmtp (Exim 4.84_2) (envelope-from ) id 1lS119-0006OL-37 for 47539@debbugs.gnu.org; Thu, 01 Apr 2021 13:22:03 -0400 Received: from marsh.hcoop.net ([45.55.52.66]) by minsky.hcoop.net with esmtpsa (TLS1.3:ECDHE_RSA_AES_256_GCM_SHA384:256) (Exim 4.92) (envelope-from ) id 1lS10x-000379-6b; Thu, 01 Apr 2021 13:21:51 -0400 Date: Thu, 1 Apr 2021 13:21:50 -0400 (EDT) From: Jack Hill X-X-Sender: jackhill@marsh.hcoop.net In-Reply-To: Message-ID: References: <7f41ded1648030ed8f4db3165bfe4ccb2cb6b2a9.camel@student.tugraz.at> <87czve3vrg.fsf@yoctocell.xyz> <877dlm3rak.fsf@yoctocell.xyz> User-Agent: Alpine 2.21 (DEB 202 2017-01-01) MIME-Version: 1.0 Content-Type: text/plain; charset=US-ASCII; format=flowed X-BeenThere: debbugs-submit@debbugs.gnu.org X-Mailman-Version: 2.1.18 Precedence: list X-BeenThere: guix-patches@gnu.org List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: guix-patches-bounces+larch=yhetil.org@gnu.org Sender: "Guix-patches" X-Migadu-Flow: FLOW_IN ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=yhetil.org; s=key1; t=1617297790; h=from:from:sender:sender:reply-to:subject:subject:date:date: message-id:message-id:to:to:cc:cc:mime-version:mime-version: content-type:content-type:resent-cc:resent-from:resent-sender: resent-message-id:in-reply-to:in-reply-to:references:references: list-id:list-help:list-unsubscribe:list-subscribe:list-post; bh=B77x/FEjcocwJski422Qdvrvo7iCeLOBIAMdgvv6X+A=; b=bKhwfE4uFfbx45TRbu4VVLRyDadwMKuC95rf3tIrmDeUDqIb83/hrYCKyaMgDxXXB4UQ7Y co8NA0zpvJAcOsdtIetpnfZFgAaUX2evEz27fCoEhgRX7tVQ2r+HbFyDFzjrZ64nrNLI/m KEeRVZnOjGBS2kzXwzCmt2fl39RPJbPkWvfUB0e7t27BnsYN76LJ9t+8WyuIorH/kB1ifZ 7mhqGjElJW3pjAD6ASvRRslT9T9RxiNkg8dEVK4qvM+yRzI7Yirb2CbpsmdLESR9EJ0tLJ riCRfbSxdFZUM4JcnSb3eJkOJn1q5RUTR8xz7v4c/VUs91ozlvxfdeTu0YclCA== ARC-Seal: i=1; s=key1; d=yhetil.org; t=1617297790; a=rsa-sha256; cv=none; b=JImzAQ7QLx186pTnGb95YnfPe0vcBk6l52R1NqJbJVkpHWiSx7yGMKYosoO85U7mjA6oWP L9W1loLWjcrk40qZpsynYmheSppwAlRxZsu3RT1ZJL0Up3gLXs4tBx+7wPUVMqY7Wff2Nu ctnUPEOo0cGePeCX93jJRmAzg0l0KZNNDDDntMJ3ECPCnLhZeLa7cSrCK/ZYvIpcTDiC1S tPUdeZuWSWLLUE/5UV+8J+2X8q6RFf1buPJMASUQRI27eqA5AhtQr492s9YgtrgAldG9hp HYb1JEhc+8FUBaTapuGAzxpOtN/CIA+zpCPwvLhWjCSCLJUts0yHfzXQdURNsg== ARC-Authentication-Results: i=1; aspmx1.migadu.com; dkim=none; spf=pass (aspmx1.migadu.com: domain of guix-patches-bounces@gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=guix-patches-bounces@gnu.org X-Migadu-Spam-Score: -2.43 Authentication-Results: aspmx1.migadu.com; dkim=none; dmarc=none; spf=pass (aspmx1.migadu.com: domain of guix-patches-bounces@gnu.org designates 209.51.188.17 as permitted sender) smtp.mailfrom=guix-patches-bounces@gnu.org X-Migadu-Queue-Id: C99272CE8D X-Spam-Score: -2.43 X-Migadu-Scanner: scn0.migadu.com X-TUID: qQRE39nfVGeW On Thu, 1 Apr 2021, Leo Prikler wrote: > After doing some quick investigations myself, I think the following > pair of substitute*s might work: > (("github.com/cli/safeexec") "os/exec") > (("safeexec") "exec") I happened to be reading the Go blog post about command path security [0]. I haven't looked at it very closely, but I'm hopeful that future gh versions may be able to get safeexec-like behavior from the Go standard library. [0] https://blog.golang.org/path-security Best, Jack