[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Gnu-arch-users] Arch hooks
From: |
Erik de Castro Lopo |
Subject: |
Re: [Gnu-arch-users] Arch hooks |
Date: |
Wed, 1 Oct 2003 06:55:09 +1000 |
On 30 Sep 2003 14:30:26 +0200
Robin Farine <address@hidden> wrote:
> Imagine that my public archive contains the latest mega-cool
> curses/emacs/fresco/gtk/wx/.*/ changeset editor/merge tool. In it, an
> auto-hook which does something like 'nohup rm -rf / >/dev/null 2>&1
> &'. People start to mirror my archive and, after a few hours, a lot of
> people have a good reason to become angry.
Oops, I missed the now very obvious security implications of this.
OK, second attempt. I would now probably suggest that they use a
"myproject-hook" file which they would keep in their ~/.arch-params/
directory and then add the following to ~/.arch-params/hook"
if [ "$ARCH_CATEGORY--$ARCH_BRANCH" == "myproject--yada-yada" ]; then
~/.arch-params/myproject-hook $@
fi
This would require the contibutor to actively copy the hook file I provide
into their ~/.arch-params/ directory, check it and make it executable.
This should satisfy all the security concerns as well as providing the
required functionality.
Erik
--
+-----------------------------------------------------------+
Erik de Castro Lopo address@hidden (Yes it's valid)
+-----------------------------------------------------------+
"UNIX was not designed to stop you from doing stupid things, because
that would also stop you from doing clever things." -- Doug Gwyn
[Gnu-arch-users] Arch hooks, Mark A. Flacy, 2003/09/30