Re: [Chicken-hackers] [patch] disallow slashes in egg names, ignore . and ..

2012-03-03 Thread Felix
From: Christian Kellermann Subject: Re: [Chicken-hackers] [patch] disallow slashes in egg names, ignore . and .. Date: Thu, 1 Mar 2012 21:25:45 +0100 > Hi! > > * Christian Kellermann [120224 22:01]: >> I would revert back to a much simpler version of this patch which >>

Re: [Chicken-hackers] [patch] disallow slashes in egg names, ignore . and ..

2012-03-01 Thread Christian Kellermann
Hi! * Christian Kellermann [120224 22:01]: > I would revert back to a much simpler version of this patch which > is attached to this email. If there is a good reason for disallowing > "/"s explicitly I'd love to hear about it. Since no one picked up on this I think we should leave the client side

Re: [Chicken-hackers] [patch] disallow slashes in egg names, ignore . and ..

2012-02-25 Thread Peter Bex
On Sat, Feb 25, 2012 at 02:27:52PM -0500, John Cowan wrote: > Peter Bex scripsit: > > > Is it an issue at all? Did you test it? > > I'm not sure what you mean by "testing it". I'm not sure what you are talking about. Sometimes you seem to think I'm talking about the client while I'm talking ab

Re: [Chicken-hackers] [patch] disallow slashes in egg names, ignore . and ..

2012-02-25 Thread John Cowan
Peter Bex scripsit: > Is it an issue at all? Did you test it? I'm not sure what you mean by "testing it". If you attempt to create a directory named, say, "scheme++" on a Windows system (except under Cygwin 1.7, where there is a workaround) it will fail. So if you attempt to install such an eg

Re: [Chicken-hackers] [patch] disallow slashes in egg names, ignore . and ..

2012-02-25 Thread Christian Kellermann
* John Cowan [120225 03:33]: > Don't forget that there are private henrietta installs, too. At least > I assume so from the security warning that just went out. I have notified the list because it is an egg and I don't know whether there are other instances. I used the henrietta script at an old

Re: [Chicken-hackers] [patch] disallow slashes in egg names, ignore . and ..

2012-02-25 Thread Peter Bex
On Fri, Feb 24, 2012 at 09:33:22PM -0500, John Cowan wrote: > Peter Bex scripsit: > > > Let's not build complete omniscience of all crufty things of all OSes > > Chicken runs on into chicken-install; > > No, no. I'm referring to the server side. Is it an issue at all? Did you test it? The lo

Re: [Chicken-hackers] [patch] disallow slashes in egg names, ignore . and ..

2012-02-24 Thread John Cowan
Peter Bex scripsit: > Let's not build complete omniscience of all crufty things of all OSes > Chicken runs on into chicken-install; No, no. I'm referring to the server side. > the matter. If there's an issue with an egg name under some OS, people > using that OS trying to install that egg can

Re: [Chicken-hackers] [patch] disallow slashes in egg names, ignore . and ..

2012-02-24 Thread Peter Bex
On Fri, Feb 24, 2012 at 04:51:57PM -0500, Mario Domenech Goulart wrote: > > Personally I'd go with a-z, A-Z (only used by 9ML-toolkit, F-operator, > > and miniML), 0-9, and hyphen only. > > We have hfs+ (http://wiki.call-cc.org/eggref/4/hfs%2B) ... which works only on MacOS. Windows' limitations

Re: [Chicken-hackers] [patch] disallow slashes in egg names, ignore . and ..

2012-02-24 Thread Mario Domenech Goulart
Hi John, On Fri, 24 Feb 2012 16:46:22 -0500 John Cowan wrote: > Personally I'd go with a-z, A-Z (only used by 9ML-toolkit, F-operator, > and miniML), 0-9, and hyphen only. We have hfs+ (http://wiki.call-cc.org/eggref/4/hfs%2B) Best wishes. Mario -- http://parenteses.org/mario

Re: [Chicken-hackers] [patch] disallow slashes in egg names, ignore . and ..

2012-02-24 Thread Peter Bex
On Fri, Feb 24, 2012 at 04:46:22PM -0500, John Cowan wrote: > However, there should be a restriction on egg names when they are > installed into henrietta, to make sure that they are portable to all > operating systems. The safe list is a-z, 0-9, !, #, $, %, &, ', (, ), > comma, -, ., ;, =, @, ^,

Re: [Chicken-hackers] [patch] disallow slashes in egg names, ignore . and ..

2012-02-24 Thread John Cowan
Christian Kellermann scripsit: > Disallowing slashes is probably not the way to go here, at least > not the way I have implemented it. However, there should be a restriction on egg names when they are installed into henrietta, to make sure that they are portable to all operating systems. The saf

Re: [Chicken-hackers] [patch] disallow slashes in egg names, ignore . and ..

2012-02-24 Thread Christian Kellermann
* Christian Kellermann [120224 21:10]: > Dear fellow hackers, > > please find a patch attached to mitigate the potential security > issue in henrietta by allowing "egg names" which can be interpreted > as paths. Please ignore this patch! Disallowing slashes is probably not the way to go here, a

[Chicken-hackers] [patch] disallow slashes in egg names, ignore . and ..

2012-02-24 Thread Christian Kellermann
Dear fellow hackers, please find a patch attached to mitigate the potential security issue in henrietta by allowing "egg names" which can be interpreted as paths. Thanks to hypnocat for noticing this. Originally this has been a misunderstanding where the user wanted to install an egg from a local