<HTML><BODY><p style="margin-top: 0px;" dir="ltr">I agree!</p>
<div id="mail-app-auto-default-signature">
<p dir="ltr">--<br> Thanks<br> Brian</p>
</div>Saturday, 15 August 2020, 00:07AM -07:00 from Christof Thalhofer <a href="mailto:chrisml@deganius.de">chrisml@deganius.de</a>:<br><br><blockquote id="mail-app-auto-quote" cite="15974752390000020508" style="border-left:1px solid #0878BD; margin:0px 0px 0px 10px; padding:0px 0px 0px 10px;">
<div class="js-helper js-readmsg-msg">
<style type="text/css"></style>
<div >
<base target="_self" href="https://e-aj.my.com/" />
<div id="style_15974752390000020508_BODY">Am 14.08.20 um 20:33 schrieb Brian G:<br>
<br>
<div class="mail-quote-collapse">> I need some input here, I am thinking of having a directive for<br>
> gambas scripts that prevent the usage of local libraries The reason I<br>
> have for this is that it would be supper easy to simply hijack a<br>
> script that is being used for production management with a local<br>
> library which could be customized to do bad things if the script is<br>
> being run with sudo privileges.<br>
> <br>
> if my script used library x.0.0.0 from the system /usr/lib/gambas3 <br>
> and someone makes a local lib in ~/.local/share/lib/gambas3 called<br>
> x.0.0.0<br>
> <br>
> they just hijacked my script and have su privileges!!!<br>
</div><br>
If the script runs with root privileges<br>
'~/.local/share/lib/gambas3'<br>
should translate to:<br>
<br>
'/root/.local/share/lib/gambas3'<br>
<br>
So ... no problem, as I imagine.<br>
<br>
But try it out!<br>
<br>
Alles Gute<br>
<br>
Christof Thalhofer<br>
<br>
-- <br>
Dies ist keine Signatur<br>
<br>
</div>
<div><br>
----[ <a href="http://gambaswiki.org/wiki/doc/netiquette" target="_blank" >http://gambaswiki.org/wiki/doc/netiquette</a> ]----<br>
<br>
</div>
<base target="_self" href="https://e-aj.my.com/" />
</div>
</div>
</blockquote></BODY></HTML>