Bug#577210: tries to write FASL in wrong directory

Faré fahree at gmail.com
Tue Apr 13 22:28:29 UTC 2010


Severity: critical

now that I look at it again,

1- if we don't fix this bug, C-L-C is unusable to whomever doesn't
configure asdf-output-translations himself.

2- C-L-C needs to (asdf:clear-output-translations) and
(asdf:clear-source-registry) right before it dumps images, for all
implementations.

3- This is NOT ENOUGH. Actually using /var/cache/$UID without doing
the permission checking, etc., will reopen the security issue with bug
328633.
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=328633
http://www.debian.org/security/2005/dsa-811

4- There is no "good" place in ASDF currently into which to hook such
security checking. Maybe a :before method on perform for compile-op or
load-op on systems. Meh. If you have a good idea for an API for that,
or want to discuss the issue, please send a message to the asdf-devel
mailing-list.

5- Short of including such hook, the "simple" solution is to use
ASDF's builtin per-user cache facility, except maybe for the root
user.

6- CLC needs to update ASDF to latest, anyway.

Sigh. Sorry for the trouble. Getting there.

[ François-René ÐVB Rideau | Reflection&Cybernethics | http://fare.tunes.org ]
Austrian economics is the second law of thermodynamics to every other
economist's perpetual motion machines. — Faré





More information about the pkg-common-lisp-devel mailing list