Re: [Gnu-arch-users] Arch hooks

[Erik de Castro Lopo]

On 30 Sep 2003 14:30:26 +0200
Robin Farine <address@hidden> wrote:

> Imagine that my public archive contains the latest mega-cool
> curses/emacs/fresco/gtk/wx/.*/ changeset editor/merge tool. In it, an
> auto-hook which does something like 'nohup rm -rf / >/dev/null 2>&1
> &'. People start to mirror my archive and, after a few hours, a lot of
> people have a good reason to become angry.

Oops, I missed the now very obvious security implications of this.

OK, second attempt. I would now probably suggest that they use a 
"myproject-hook" file which they would keep in their ~/.arch-params/
directory and then add the following to ~/.arch-params/hook"

  if [ "$ARCH_CATEGORY--$ARCH_BRANCH" == "myproject--yada-yada" ]; then
      ~/.arch-params/myproject-hook $@
  fi

This would require the contibutor to actively copy the hook file I provide
into their ~/.arch-params/ directory, check it and make it executable.

This should satisfy all the security concerns as well as providing the 
required functionality.


Erik
-- 
+-----------------------------------------------------------+
  Erik de Castro Lopo  address@hidden (Yes it's valid)
+-----------------------------------------------------------+
"UNIX was not designed to stop you from doing stupid things,  because
that would also stop you from doing clever things."  -- Doug Gwyn