chicken-hackers

Re: [Chicken-hackers] [patch] disallow slashes in egg names, ignore . an


From: Peter Bex
Subject: Re: [Chicken-hackers] [patch] disallow slashes in egg names, ignore . and ..
Date: Sat, 25 Feb 2012 20:47:08 +0100
User-agent: Mutt/1.4.2.3i

On Sat, Feb 25, 2012 at 02:27:52PM -0500, John Cowan wrote:
> Peter Bex scripsit:
> 
> > Is it an issue at all?  Did you test it?
> 
> I'm not sure what you mean by "testing it".

I'm not sure what you are talking about.  Sometimes you seem to think
I'm talking about the client while I'm talking about the server and
sometimes you say you're talking about the server but you seem to be
talking about the client.

By "testing it", I mean playing out whatever horror scenario you have
in mind.  Presumably that's running a henrietta instance on Unix and
pulling stuff from it with chicken-install running on Windows.

> > The locate-egg/local procedure in setup-download.scm contains various
> > checks like whether the target directory exists and actually is a
> > directory.  I'm pretty sure that crapload of reserved names Windows
> > has are mostly device aliases, which means they're not directories.
> > Hence, it will already DTRT.
> 
> You seem to be still talking about the client side. 

No, the mentioned code in setup-download is used by henrietta.  I know,
that's confusing.

> Again, I am talking about the server side.  Right now, you can create
> an egg called "aux.macros" and non-Windows installations can safely
> download it, but on Windows installations it will fail for the same
> reasons that the "scheme++" egg will.

Sounds more like a client problem to me.

> > If you managed to get a local copy of an egg with a particular name,
> > by definition it means that that name is allowed under your OS;
> > it doesn't make sense to check that against a blacklist (which by
> > definition will always be incomplete).
> 
> Which is why I want the blacklisting to be done *on the server side*.

Even if that server is on Unix?  Even if I run an internal henrietta
installation for my private in-house eggs that are only ever deployed
on Unix and not even visible to the outside world?

> They are the ones stuck with it.  There is code that relies on being
> able to open "con" and "lpt0" and "nul" no matter what the current
> directory is, and they are committed to supporting that code forever.

They are idiots.

> It isn't a problem today, but that's because it so happens that nobody
> has created an egg with a restricted character in it yet, except for
> "hfs+" which happens not to be useful on Windows.

And that's absolutely fine.

> I want to prevent it from being a problem in future.

And I think that's not necessary.  If someone creates an egg which
happens to be used on Windows a ticket can be filed asking the
egg author to rename it.

> most people won't even bump up against the restrictions anyway.

IMO that's an argument _not_ to weigh down the server's implementation
with additional code to deal with this cruft.

Cheers,
Peter
-- 
http://sjamaan.ath.cx
--
"The process of preparing programs for a digital computer
 is especially attractive, not only because it can be economically
 and scientifically rewarding, but also because it can be an aesthetic
 experience much like composing poetry or music."
                                                        -- Donald Knuth
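
The two checks debated in this thread, as an added example that is not part of the original message and is not henrietta's or chicken-install's code: rejecting slashes, "." and ".." in an egg name, and optionally flagging names that alias a Windows device. The function names, the `windows_clients` switch and treating digits 0-9 as reserved are assumptions made for illustration.

```python
import re

# Windows DOS device names, reserved in every directory. Treating digits
# 0-9 as reserved is a conservative assumption of this example.
_WIN_DEVICE = re.compile(r"^(con|prn|aux|nul|com[0-9]|lpt[0-9])$", re.IGNORECASE)


def path_problem(name):
    """Return why `name` cannot be a single directory component, or None."""
    if name == "":
        return "empty name"
    if name in (".", ".."):
        return "refers to current or parent directory"
    if "/" in name or "\\" in name:
        return "contains a path separator"
    if "\0" in name:
        return "contains a NUL byte"
    return None


def windows_device_alias(name):
    """Return the device that `name` aliases on Windows, or None.

    A reserved name followed by an extension is still reserved, so
    "aux.macros" is matched on its base name "aux".
    """
    base = name.split(".", 1)[0].rstrip(" ")
    return base.upper() if _WIN_DEVICE.match(base) else None


def check_egg_name(name, windows_clients=False):
    """Hypothetical server-side gate: returns (accepted, reason)."""
    problem = path_problem(name)
    if problem:
        return (False, problem)
    if windows_clients:  # off for a Unix-only deployment, as argued above
        dev = windows_device_alias(name)
        if dev:
            return (False, "aliases Windows device " + dev)
    return (True, None)


# Constructed sample names; "aux.macros" and "con" are taken from the thread.
SAMPLES = ["aux.macros", "con", "..", "foo/bar", "auxiliary", "matchable"]

if __name__ == "__main__":
    for n in SAMPLES:
        print(n, check_egg_name(n), check_egg_name(n, windows_clients=True))
```

With `windows_clients` left off, only the path-structure checks apply, which matches the position that a Unix-only server need not carry the device-name list.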


