On 11.06.2008, at 05:57, Michael Stone wrote:

> A while ago, Walter mentioned that we'd like to be able to customize things
> like keyboard and internationalization settings. These settings are loaded by a
> program called 'olpc-session' maintained in the olpc-utils package.
>
> Unfortunately, when I set out to implement support for this feature, I
> discovered two questions which I couldn't answer:
>
> 1) What should we call the customizations directory?
>
>      ~/customizations
>      ~/.customizations
>      ~/.envdir ?
>      ~/<your suggestion here>

Why not ~/.olpc or ~/.olpcsession which would match the "olpc-session" program name?

> 2) How should we process the contents?
>
>    At present, olpc-session _sources_ ~/.kbd and ~/.i18n. If we permit these
>    files to be modified by customization key, then we have immediately offered
>    any attacker a root-level shell injection attack available on the next
>    reboot.
>
>    Can we force these files to match strict (safe) regular expressions?
>
>    Should we write a careful parser for the intended values?
>
>    Other options?

Good catch. Do we need anything more than setting variables? If not, a parser should be reasonably simple to write (and certainly someone has done so before).

- Bert -

_______________________________________________
Devel mailing list
[email protected]
http://lists.laptop.org/listinfo/devel
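The "careful parser" option discussed in this thread, as an added example that is not code from olpc-utils or from either poster: it reads NAME=VALUE lines and exports them without ever sourcing or eval-ing the file. The allowlisted variable names, the permitted value characters and the function name `load_settings` are assumptions made for illustration.

```sh
#!/bin/sh
# Added example: load settings from a file such as ~/.kbd or ~/.i18n
# as data instead of sourcing it as shell code.

# Assumption: the only variables a settings file may set.
ALLOWED_VARS="LANG XKB_MODEL XKB_LAYOUT XKB_VARIANT"

# load_settings FILE
# Exports every accepted NAME=VALUE line. Returns 1 if any line was
# rejected, 0 otherwise. A missing file means "no customization".
load_settings() {
    ls_file=$1
    ls_rc=0
    [ -r "$ls_file" ] || return 0
    while IFS= read -r ls_line || [ -n "$ls_line" ]; do
        # Skip blank lines and comments.
        case $ls_line in ''|'#'*) continue ;; esac
        # A line without '=' is not an assignment.
        case $ls_line in *=*) ;; *) ls_rc=1; continue ;; esac
        ls_name=${ls_line%%=*}
        ls_value=${ls_line#*=}
        # Name: upper-case letters, digits, underscore only.
        case $ls_name in ''|*[!A-Z0-9_]*) ls_rc=1; continue ;; esac
        # Name must also be on the allowlist (blocks PATH, LD_PRELOAD, ...).
        case " $ALLOWED_VARS " in
            *" $ls_name "*) ;;
            *) ls_rc=1; continue ;;
        esac
        # Accept one pair of surrounding double quotes, e.g. XKB_LAYOUT="us".
        case $ls_value in
            '"'*'"') ls_value=${ls_value#'"'}; ls_value=${ls_value%'"'} ;;
        esac
        # Value: conservative character set; rejects $ ` ; ( ) spaces, etc.
        case $ls_value in *[!A-Za-z0-9_.@,-]*) ls_rc=1; continue ;; esac
        # The value is passed to export as data; nothing is evaluated.
        export "$ls_name=$ls_value"
    done < "$ls_file"
    return $ls_rc
}
```

A session script would call `load_settings "$HOME/.kbd"` in place of sourcing the file and could log a non-zero return as a sign that the file was tampered with or malformed.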
