On Mon, Jun 08, 2009 at 05:48:43PM -0700, Jeremy Cowles wrote:
> Actually, a batch is the main_application for PyMW currently. Because the
> true application changes from run to run, it gets passed as an argument to a
> batch file which hands it off to Python. So the command looks something
> like:
>
> pymw_1.00_windows_intelx86.bat <main_app_script> <input_file> <output_file>
Have you considered the security implications? Running the application
this way means that the code_signing_key can be easily circumvented. If
someone breaks into your server, they can inject a malicious script into
a work unit as an extra input file (and therefore not subject to
code_signing_key checking) and modify the command line to call the malicious
script instead of the main application. That script then can then deploy
rootkits, viruses, trojans, SPAM bots etc.
We also have applications that use an interpreter (a modified busybox in
our case), but we have the scrit's name hard-coded in the main
executable and therefore you cannot override it so easily.
Actually, you do not need to override the command line. Just inject an
extra input file called "python.exe" using <copy_file/>, and Windows
will happily execute it before looking at %PATH%. So you not only
need to hard-code the name of the main script, but you also have to
hard-code the path to the Python interpreter on Windows.
So I think the lack of .bat handling is in fact an useful feature
because it makes you think twice.
Gabor
--
---------------------------------------------------------
MTA SZTAKI Computer and Automation Research Institute
Hungarian Academy of Sciences
---------------------------------------------------------
_______________________________________________
boinc_dev mailing list
[email protected]
http://lists.ssl.berkeley.edu/mailman/listinfo/boinc_dev
To unsubscribe, visit the above URL and
(near bottom of page) enter your email address.
