
Re: [Monotone-devel] [Patch] mtn automate lua


From: Thomas Keller
Subject: Re: [Monotone-devel] [Patch] mtn automate lua
Date: Sat, 06 Dec 2008 13:53:10 +0100
User-agent: Thunderbird 2.0.0.18 (Macintosh/20081105)

Peter Stirling schrieb:
> The default lua libraries don't come with socket support, so network
> access isn't an issue unless you explicitly give it that.

Ah, no, I was speaking of the recent efforts of wrapping automate stdio
for an alternative standalone service, i.e. something like what Thomas
Moschny did for TracMonotone.

> You can also delete library tables or functions before allowing
> user code to invoke anything to make hooks 'safe'. e.g. the io
> library.

I've seen this in monotone's code already where a couple of process
functions are disabled and replaced with our own implementations. I guess
what I am speaking of is more some kind of UI / mechanism to configure /
do that in a nice and general way, i.e. the current commands
"{set,drop}_db_variable" and "genkey" should already not be allowed
here. An idea could be to expand the CMD_AUTOMATE macro with another
parameter which would then be checked for in `automate stdio` and which
`automate stdio` would refuse to process if it serves a socket
connection.

If I think more about it I believe one should draw the line between
commands which read or write database contents (which are public anyways
with the correct right setup [*]) and any kind of command which reads
from / writes to a local workspace or configuration file. What's kind of
ugly here is that some commands still behave differently if they're
executed with a workspace or without a workspace - we've entangled that
already for `automate get_revision` in the past (there is now a
`automate get_current_revision` which does the former job of printing
out the incomplete workspace revision), but I guess a few others are
still missing here.

Thomas.

[*] This reminds me that we don't have any authentication in place in
stdio at all, right? So put_file, put_revision and cert called over a
foreign stdio connection are still very unsafe...


-- 
GPG-Key 0x160D1092 | address@hidden | http://thomaskeller.biz
Please note that according to the EU law on data retention, information
on every electronic information exchange might be retained for a period
of six months or longer: http://www.vorratsdatenspeicherung.de/?lang=en

Attachment: signature.asc
Description: OpenPGP digital signature
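Peter's suggestion in the thread above, stripping library tables such as `io` before hook code runs, sketched as an added example that is not part of this thread or of monotone's own code. It uses an allowlist environment instead of deleting entries from `_G`, assumes Lua 5.2 or later (`load` with an environment argument), and the `mtn.log` host function is a made-up placeholder.

```lua
-- Minimal sandbox for running untrusted hook code (Lua 5.2+).
-- Rather than deleting io/os from _G, build a fresh environment that
-- contains only what the hook is allowed to reach.
local function make_hook_env()
  local env = {}
  -- Safe subset of the base library: no load/loadfile/dofile/require,
  -- no getmetatable/setmetatable (would expose the shared string
  -- metatable), no rawget/rawset, no debug, no io, no os.
  for _, name in ipairs{"assert", "error", "ipairs", "next", "pairs",
                        "pcall", "select", "tonumber", "tostring",
                        "type"} do
    env[name] = _G[name]
  end
  -- Shallow copies of library tables, so the hook cannot mutate the
  -- host's real string/table/math libraries.
  for _, lib in ipairs{"string", "table", "math"} do
    env[lib] = {}
    for k, v in pairs(_G[lib]) do env[lib][k] = v end
  end
  -- Hypothetical host API exposed to hooks (placeholder, not monotone's).
  env.mtn = { log = function(msg) print("[hook] " .. tostring(msg)) end }
  return env
end

-- Compile and run untrusted source text inside the sandbox.
-- Mode "t" rejects precompiled bytecode, which can escape sandboxes.
local function run_hook(src, name)
  local env = make_hook_env()
  local chunk, err = load(src, name or "hook", "t", env)
  if not chunk then return nil, "compile: " .. err end
  local ok, res = pcall(chunk)
  if not ok then return nil, "runtime: " .. tostring(res) end
  return res
end

-- Constructed sample hooks.
print(run_hook([[ return string.upper("revision accepted") ]]))
-- Filesystem access fails: io is nil inside the sandbox.
print(run_hook([[ return io.open("/etc/passwd") ]]))
-- Spawning a process fails as well: os is nil.
print(run_hook([[ return os.execute("id") ]]))
-- A global assigned by the hook lands in its env, not in the host's _G.
run_hook([[ leaked = true ]]); print(_G.leaked)
```

The last three calls print a runtime error or `nil`, showing that the hook neither reaches `io`/`os` nor pollutes the host's global table.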

