[Gambas-user] Test Module, First try

[Brian G]

Thanks Bruce That's what I was Thinking!

I am holding off on adding the /usr/bin directory as a possible source, it seems wrong to look for a library there.

I need some input here, I am thinking of having a directive for gambas scripts that prevent the usage of local libraries
The reason I have for this is that it would be supper easy to simply hijack a script that is being used for production management with a local library which could be customized to do bad things if the script is being run with sudo privileges.

if my script used library x.0.0.0 from the system /usr/lib/gambas3
and someone makes a local lib in ~/.local/share/lib/gambas3 called x.0.0.0

they just hijacked my script and have su privileges!!!

It can't be a command line option as that can be overridden... or if the script is executes directly...

I don't know if this would also affect gambas apps, but i think you define the exact lib in the ide to be used for apps.

Thoughts comments

Thank You
Brian G

----- Original Message -----
From: "Bruce" <adamnt42 at gmail.com>
To: "Gambas mailing list" <user at lists.gambas-basic.org>
Sent: Friday, August 14, 2020 6:16:25 PM
Subject: Re: [Gambas-user] Test Module, First try

On 15/8/20 12:59 am, Brian G wrote:
> Bruce, where is the correct path decided at compile time or runtime in gambas3.

Well both!
The compiler has to decide where to put it and the runtime has to decide 
wgere to find it.
Or have I misunderstood? (Don't forget I'm following this on an ad-hoc 
basis)

rgrds
bruce

----[ http://gambaswiki.org/wiki/doc/netiquette ]----