David Wheeler wrote:
> 
> Just a thought about auto-running scripts.. there may be some security
> surprises.  After all, instead of "indent", a program might set up
> "/bin/rm -fr *" as the script.  In this case the risk may be
> acceptable (you'll presumably run the program you generate, which could
> hide nasty code too), but it's something to think about.
> 
> I don't have any great solutions in mind; I guess you could show the
> script before executing it (& if accepted, store the hash of the acceptable
> script and project name in a home directory so it'd be remembered).


Yes, we need to be a bit careful about security.

If we just execute the scripts named 'glade_save_source_before' and
'glade_save_source_after' (which is what the patch did), then it's not very
flexible - what happens when developers are working on more than one project?

But if we allow an arbitrary command to be executed, with any arguments,
then that's not secure. A malicious package could do nasty things like the
'rm -rf *' above.

How about we allow an arbitrary command but with no arguments?
We run it with fork and execvp rather than system, and all we pass it is the
XML filename. Is that safe? (I know very little about security.)

Damon
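Damon's proposal above (fork plus execvp, passing only the XML file name) as an added C example; this is not code from the Glade patch under discussion. `run_hook`, its stdout capture and the metacharacter-laden sample file name are constructed for illustration, and the comments state what the approach does and does not protect against.

```c
#include <stdio.h>
#include <string.h>
#include <sys/wait.h>
#include <unistd.h>

/* Run the hook `cmd` (looked up on PATH) with the XML file name as its only
 * argument. No shell is involved: execvp() receives an argv array, so nothing
 * in xml_path is variable-expanded, word-split, globbed or treated as a
 * command separator, which is the protection system() lacks. Note what this
 * does NOT cover: the project still chooses which program runs, so David's
 * show-the-script-and-remember-its-hash idea is still worth having.
 * Whatever the child prints is copied into out (NUL-terminated, at most
 * outsz-1 bytes). Returns the child's exit status, or -1 on failure. */
int run_hook(const char *cmd, const char *xml_path, char *out, size_t outsz)
{
    int fd[2];
    if (pipe(fd) == -1)
        return -1;
    pid_t pid = fork();
    if (pid == -1)
        return -1;
    if (pid == 0) {                           /* child */
        close(fd[0]);
        dup2(fd[1], STDOUT_FILENO);
        close(fd[1]);
        char *argv[] = { (char *)cmd, (char *)xml_path, NULL };
        execvp(cmd, argv);                    /* returns only on failure */
        _exit(127);
    }
    close(fd[1]);                             /* parent */
    size_t n = 0;
    ssize_t r;
    while (n + 1 < outsz && (r = read(fd[0], out + n, outsz - 1 - n)) > 0)
        n += (size_t)r;
    out[n] = '\0';
    char scratch[256];                        /* drain so the child never blocks */
    while (read(fd[0], scratch, sizeof scratch) > 0)
        ;
    close(fd[0]);
    int status;
    if (waitpid(pid, &status, 0) == -1 || !WIFEXITED(status))
        return -1;
    return WEXITSTATUS(status);
}

int main(void)
{
    char out[256];
    /* constructed file name full of shell metacharacters: it comes back verbatim */
    int rc = run_hook("echo", "$HOME/a b;c.xml", out, sizeof out);
    printf("exit=%d stdout=%s", rc, out);
    return rc;
}
```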


+---------------------------------------------------------------------+
To unsubscribe from this list, send a message to [EMAIL PROTECTED]
with the line "unsubscribe glade-devel" in the body of the message.