[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Key decryption for automate stdio usage Was: Re: [Monotone-devel] re
From: |
Thomas Keller |
Subject: |
Re: Key decryption for automate stdio usage Was: Re: [Monotone-devel] review of nvm.automate_out_of_band |
Date: |
Sat, 28 Nov 2009 22:11:22 +0100 |
User-agent: |
Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10.5; de; rv:1.9.1.5) Gecko/20091121 Lightning/1.0b1pre Thunderbird/3.0 |
Am 28.11.09 22:02, schrieb Timothy Brownawell:
> Thomas Keller wrote:
>> I'd have to test this out, but I'm sure you can give --rcfile to every
>> command invocation and since this particularily extends the functional
>> namespace of lua the more recent functions there should overwrite "old"
>> versions, i.e.
>>
>> function get_passphrase()
>> return "foo"
>> end
>>
>> function get_passphrase()
>> return "bar"
>> end
>>
>> io.write(get_passphrase())
>>
>> should print "bar" to stdout, so it shouldn't be a problem.
>
>
> $ for i in ?.lua; do echo "*** " $i; cat $i; done
> *** i.lua
> function foo()
> io.stderr:write("i\n")
> end
> *** x.lua
> function foo()
> io.stderr:write("x\n")
> end
> *** y.lua
> function foo()
> io.stderr:write("y\n")
> end
>
>
> $ { echo o6:rcfile5:x.luael3:lua3:fooe;
> echo o6:rcfile5:y.luael3:lua3:fooe; } |
> mtn -d :memory: --rcfile i.lua au stdio >/dev/null
> i
> i
>
>
>
> ...no, looks like --rcfile given on individual commands doesn't take. I
> guess because we call app.lua.load_rcfiles() in monotone.cc but not in
> the automate stdio loop, maybe this should be changed? Or maybe it
> shouldn't, since with remote_stdio this could be a problem if someone
> untrusted can write somewhere on the filesystem and call even
> interface_version.
How so? A file given to --rcfile is a remote file, so a foreign user
might only load additional, previously existing lua files, right? Of
course he could upload via ftp or something else a malicious lua file
and load that into remote_stdio - so maybe this option should be
disabled for that use case in general?
Thomas.
--
GPG-Key 0x160D1092 | address@hidden | http://thomaskeller.biz
Please note that according to the EU law on data retention, information
on every electronic information exchange might be retained for a period
of six months or longer: http://www.vorratsdatenspeicherung.de/?lang=en
signature.asc
Description: OpenPGP digital signature
- [Monotone-devel] review of nvm.automate_out_of_band, Thomas Keller, 2009/11/17
- Re: [Monotone-devel] review of nvm.automate_out_of_band, Timothy Brownawell, 2009/11/21
- Re: [Monotone-devel] review of nvm.automate_out_of_band, Thomas Keller, 2009/11/22
- Key decryption for automate stdio usage Was: Re: [Monotone-devel] review of nvm.automate_out_of_band, Thomas Keller, 2009/11/26
- Re: Key decryption for automate stdio usage Was: Re: [Monotone-devel] review of nvm.automate_out_of_band, Timothy Brownawell, 2009/11/28
- Re: Key decryption for automate stdio usage Was: Re: [Monotone-devel] review of nvm.automate_out_of_band, Thomas Keller, 2009/11/28
- Re: Key decryption for automate stdio usage Was: Re: [Monotone-devel] review of nvm.automate_out_of_band, Timothy Brownawell, 2009/11/28
- Re: Key decryption for automate stdio usage Was: Re: [Monotone-devel] review of nvm.automate_out_of_band,
Thomas Keller <=
- Re: Key decryption for automate stdio usage Was: Re: [Monotone-devel] review of nvm.automate_out_of_band, Stephen Leake, 2009/11/29
- Re: [Monotone-devel] review of nvm.automate_out_of_band, Thomas Keller, 2009/11/26
- Re: [Monotone-devel] review of nvm.automate_out_of_band, Stephen Leake, 2009/11/27
- Re: [Monotone-devel] review of nvm.automate_out_of_band, Timothy Brownawell, 2009/11/27
- Re: [Monotone-devel] review of nvm.automate_out_of_band, Thomas Keller, 2009/11/27
- Re: [Monotone-devel] review of nvm.automate_out_of_band, Timothy Brownawell, 2009/11/28
- Re: [Monotone-devel] review of nvm.automate_out_of_band, Thomas Keller, 2009/11/28
- Re: [Monotone-devel] review of nvm.automate_out_of_band, Timothy Brownawell, 2009/11/28