Matthieu MOY wrote:
> martin f krafft said:
> ...
> I don't know how bzr can handle this. If there's support for sandboxing in
> Python, the plugin system of bzr can probably implement this in an elegant
> and secure way.

If you are talking about restricted execution (rexec), last time I read the code, it was abandoned. As in, still there, but if you actually use it, it throws an exception. The problem is that the new style classes give you about 20 ways to break out of the cage, and nobody stepped up to lock it down farther.

The specific example is this (I think you need at least python2.3):

    None.__class__.__class__

This gives you a <type 'type'> object. I forget exactly how you go from here, but there is basically a way to turn this into just about any other class.

Anyway, just to say, right now, plugins are trusted code (i.e. you have to trust them not to do bad things). This is risky to do as an archive-manage hook.

The current access controls to a bzr archive are simply filesystem permissions, so they fall about the same as Arch. Perhaps when the smart server is implemented, this will be extended to something finer grained (like monotone's allowed keys).

John
=:->
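An added illustration of the point John makes above (this is not code from the thread or from bzr): a naive in-process "sandbox" that only empties the builtins table blocks name lookups, but the attribute chain he names goes through the object model rather than through name lookup, so it is unaffected. The helper names are my own.

```python
# Added illustration: why stripping builtins is not a security boundary in
# Python. Name lookups are blocked, attribute traversal on literals is not.

def run_restricted(expr):
    """Evaluate `expr` with an empty builtins table, which is the kind of
    'restriction' a naive in-process sandbox relies on.  Returns the value,
    or the exception object if evaluation failed."""
    try:
        return eval(expr, {"__builtins__": {}}, {})
    except Exception as exc:  # report the failure instead of raising it
        return exc

def name_lookup_blocked():
    # The obvious routes rely on builtin names, and those really are gone.
    return (isinstance(run_restricted("__import__('os')"), NameError)
            and isinstance(run_restricted("open('/etc/passwd')"), NameError))

def object_model_reachable():
    # The chain from the post: None -> NoneType -> type.  Nothing in the
    # namespace restriction prevents attribute access on a literal, so the
    # 'cage' still hands out the type object that makes further escapes possible.
    return run_restricted("None.__class__.__class__") is type

if __name__ == "__main__":
    print("builtin names blocked:", name_lookup_blocked())      # True
    print("type reachable anyway:", object_model_reachable())   # True
```

The defensive conclusion is the one the post draws: a namespace restriction is not an isolation boundary, so plugin code loaded in-process has to be treated as fully trusted.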
_______________________________________________
Gnu-arch-users mailing list
http://lists.gnu.org/mailman/listinfo/gnu-arch-users
GNU arch home page: http://savannah.gnu.org/projects/gnu-arch/
