At present frysk.Config, and frysk.<subdir>.Build provide the build-time and run-time information required by installed applications. This has a number of problems: -> the current (bad) implementation has per-arch strings wired into .java files (they should be in CNI files) -> developers keep using Build variables in installed binaries Can, instead, this information be made available through compiled in properties. For instance, the build tree having: -Dfrysk.config.pkglibexecdir=/build/tree/containing/pkglibexec while the installed binary has: -Dfrysk.config.pkglibexecdir=/usr/libexec/frysk Although I also seriously wonder about the security implications of this - does it allow normal users to override the properties of a setuid program?
The problem here is that properties can be overridden via environment variables - so potentially something can be trojaned in using that.