Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

precreate arbitrary code execution #276

Open
baszalmstra opened this issue Nov 10, 2024 · 0 comments
Open

precreate arbitrary code execution #276

baszalmstra opened this issue Nov 10, 2024 · 0 comments

Comments

@baszalmstra
Copy link

While porting the code to Rust I came across the precreate field. If I read the code correctly this allows executing arbitrary code at installation time which is a security risk. I am on personal vendetta against this in conda (link scripts too). 😺

I could not find a use of this in any conda-forge feedstock so I was wondering what the usecase for this would be?

Would it be possible to do achieve the same result without executing arbitrary code?
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
🧭 Planning
Status: 🆕 New
Milestone
No milestone
Development

No branches or pull requests
1 participant
@baszalmstra