The most of the functions could be overloaded.
You could overload those functions, filter options out and pass the new options
to the original function which starts with and '_' underscore.
The most of the CMake module files could also be overloaded.
Hope it helps
Best regards
Roman
> Am
Hi,
For those who may be interested I will leave this message here.
Mentioned package (dependency) manager is C++ Archive Network.
https://cppan.org/
It generates CMakeLists.txt from specification files.
It manages packages' dependencies, versions, different OSs (it's
crossplatform from very
Hi Chuck,
> Is this intended to run on Linux?
Yes. And thanks for the pointing out to SELinux. I'll add it to my checklist.
---
The system is on very early stages now, so its parts are changing
rapidly and I'm able to consider different approaches to its
subsystems (including security).
But I
Hi Egor,
Is this intended to run on Linux? If so, I think you're FAR better off
leveraging an existing security framework like SELinux, since it's actually
designed from the ground up to enforce these types of controls. You could
define a label that you place on the executables run by the
Hi Egor,
On Sat, Aug 20, 2016 at 1:48 PM, Egor Pugin wrote:
> Hi,
>
> I'm working on a package manager based on cmake.
Please rethink that approach. Your package manager should support
CMake. It should not be based on it. Your design will be safer and
more flexible.
> What is the attack you want to stop? What are bad scripts and commands in
> this context?
I wrote them in the first message. For example,
- any cmake commands that use COMMAND keyword (execute_process(COMMAND
...), add_custom_{command|target}(...) etc. This will deny any user
scripts, programs
Hi Egor,
Am 21.08.2016 12:34 schrieb "Egor Pugin" :
>
> > What are the attack scenarios you want to defend against? What should
not be possible in your system that currently is in CMake?
>
> At least downloading or executing bad scripts and commands.
What is the attack you
> What are the attack scenarios you want to defend against? What should not be
> possible in your system that currently is in CMake?
At least downloading or executing bad scripts and commands.
> That forces me to keep more state in my head when reading CMakeLists.txt
> files.
CMake files are
CMake is not and can never be a replacement for a package manager. They
serve entirely different roles. While you can extend CMake to give it
the ability to build and install all sorts stuff, that does not make it
a package manager. It's a convenient way to build a complex set of
Hi Tobias,
You are right at many points. It's hard to really secure the system
from build system/build artifacts/3rd party apps.
But step by step it's possible to decrease number of potential sources
of vulnerabilities.
Described cmake features would be very helpful for this.
Right now I'm just
Hi Egor,
Am 20.08.2016 13:48 schrieb "Egor Pugin" :
>
> Hi,
>
> I'm working on a package manager based on cmake.
> And some cmake instructions are downloaded with user packages.
> I'd like to have an ability to deny some cmake features in such
> external untrusted
11 matches
Mail list logo