[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Gnu-arch-users] Re: Re: Future of GNU Arch, bazaar and bazaar-ng ..

From: John A Meinel
Subject: Re: [Gnu-arch-users] Re: Re: Future of GNU Arch, bazaar and bazaar-ng ... ?
Date: Tue, 23 Aug 2005 04:38:08 -0500
User-agent: Mozilla Thunderbird 1.0.6 (Macintosh/20050716)

Matthieu MOY wrote:
> martin f krafft said:


> I don't know how bzr can handle this. If there's support for sandboxing in
> Python, the plugin system of bzr can probably implement this in an elegant
> and secure way.

If you are talking about restricted execution (rexec), last time I read
the code, it was abandoned. As in, still there, but if you actually use
it, it throws an exception.

The problem is that the new style classes give you about 20 ways to
break out of the cage, and nobody stepped up to lock it down farther.

The specific example is this (I think you need at least python2.3):


This gives you a <type 'type'> object. I forget exactly how you go from
here, but there is basically a way to turn this into just about any
other class.

Anyway, just to say, right now, plugins are trusted code (ie you have to
trust them not to do bad things). This is risky to do as an
archive-manage hook.
The current access controls to a bzr archive are simply filesystem
permissions, so they fall about the same as Arch. Perhaps when the smart
server is implemented, this will be extended to something finer grained
(like monotones allowed keys).


Attachment: signature.asc
Description: OpenPGP digital signature

reply via email to

[Prev in Thread] Current Thread [Next in Thread]