Simon Kelley wrote:
> Every potential addition is a judgement call between useful extra stuff
> and bloat. In my experience, running shells to "do stuff" is never that
> satisfactory, it's also terrifyingly easy to get parameter escaping or
> environment stuff wrong and allow arbitrary command execution.

I quite disagree on the "never satisfactory" thing: in general I can't see anything really simpler and more straightforward to get the job done than running a good old shell script to configure things.

Regarding security, in general I much agree with you but I disagree with your strong adjectives: secure programming is always possible, certainly difficult but still possible. Later in your message you mention dbus: IMHO that is fairly contradicting with respect to security, because the difficulty of secure programming is usually very related to complexities, and introducing dbus introduces complexities also into dnsmasq (don't know, just supposing).

Anyway I understand that you are not undecided, as the "equivocating" verb you used in your previous message made me think (or maybe I just misinterpreted it due to the Italian meaning of that verb...), so I won't bother you further.

> An alternative that I'm thinking about is DBus:
> www.freedesktop.org/Software/dbus which is a lightweight IPC system
> expressly designed for integrating daemon-like software components on
> Unix systems. I already have libdbus patched into the initialisation and
> event-loop code in dnsmasq, and DBus methods to set the upstream
> nameservers.

Ideally sounds cool, but I wonder whether it would actually suit an embedded system. I mean: another thing to compile, deploy, make room for in memory and storage... Don't know, seems a bit oversized for what dnsmasq is meant to be. But you seem to be really "striding" toward it, so what do you think about adding methods to also manipulate the internal cache? Recently I'd have loved to have the possibility to "hotplug" (add/remove) entries in the cache at my will.

> Maybe that could be extended for DHCP lease status changes?

Can well be, but in order for it to make sense I think we'd need yet another daemon (to compile, deploy, etc.) waiting for those messages on the dbus. And what would that daemon possibly do on each received message? As long as all (or at least most of) the other daemons, utilities, tools, etc. normally present even in the leanest system aren't dbus-aware, that daemon would probably end up running a shell script, so you may have pushed many security concerns away from dnsmasq (which is certainly good since, as you said, dnsmasq is directly exposed by definition while dbus is not) but added general complexity to the overall operating system. And all this only to "do stuff" which most of the time is very simple and quick? At first glance, to me it is not worth the while.

All this is just my 2 cents :-)

Bye,
Luca
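The escaping and environment concern quoted above, applied to a script run on a DHCP lease change, as an added example that is not part of the original message and not dnsmasq's code: the client-supplied hostname is validated, then passed as its own argv entry to `execve` with a fixed environment, so no shell ever parses it. The function names, the script path and the argument order are assumptions made for illustration.

```c
#include <ctype.h>
#include <string.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

/* Client-supplied names are untrusted: allow only letters, digits, '-' and
   '.', and refuse a leading '-' (a script could read it as an option). */
int hostname_ok(const char *h)
{
    size_t n = strlen(h);
    if (n == 0 || n > 253 || h[0] == '-' || h[0] == '.')
        return 0;
    for (size_t i = 0; i < n; i++) {
        unsigned char c = (unsigned char)h[i];
        if (!isalnum(c) && c != '-' && c != '.')   /* default "C" locale */
            return 0;
    }
    return 1;
}

/* Run `script` with lease data as separate argv entries and a fixed
   environment instead of the daemon's. Returns the script's exit status,
   127 if exec failed, or -1 on a rejected hostname or other failure. */
int run_lease_script(const char *script, const char *action,
                     const char *mac, const char *ip, const char *host)
{
    if (!hostname_ok(host))
        return -1;
    char *const argv[] = { (char *)script, (char *)action, (char *)mac,
                           (char *)ip, (char *)host, NULL };
    char *const envp[] = { "PATH=/usr/sbin:/usr/bin:/sbin:/bin", NULL };
    pid_t pid = fork();
    if (pid < 0)
        return -1;
    if (pid == 0) {
        execve(script, argv, envp);   /* no "sh -c", nothing to escape */
        _exit(127);
    }
    int status;
    if (waitpid(pid, &status, 0) < 0 || !WIFEXITED(status))
        return -1;
    return WEXITSTATUS(status);
}

int main(void)
{
    /* Constructed sample values; the hook path is hypothetical. */
    return run_lease_script("/usr/local/sbin/lease-hook", "add",
                            "00:11:22:33:44:55", "192.168.1.10", "pc;id") == -1 ? 0 : 1;
}
```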