Re: [Monotone-devel] Re: Question for Tim - testsuite.lua giant list
From: Jack Lloyd
Subject: Re: [Monotone-devel] Re: Question for Tim - testsuite.lua giant list
Date: Tue, 4 Jul 2006 14:18:46 -0400
User-agent: Mutt/1.5.11

On Tue, Jul 04, 2006 at 11:01:03AM -0700, Zack Weinberg wrote:
> Given that hooks already have access to os.remove and os.execute (==
> system()) I don't think adding filesystem primitives increases
> people's exposure to dangerous hooks, although I suppose an argument
> could be made for its being harder to grep for dangerous operations.

I don't know Lua at all, but would a namespacing mechanism be
possible/reasonable? Eg, os.execute -> unsafe.execute and so forth?

> I'd argue that it would be better to restrict hooks based on paths
> rather than operations (e.g. "no access to files outside the workspace
> and the temp directory") but I recognize that that is substantially
> harder.

Generalized: A (trusted) hook that is passed the operation and the
filename or args, and returns permission approved/denied. Default
implementation as you suggest. That would also allow one to, say,
limit os.execute to specific programs, or other interesting/arbitrary
restrictions. Probably a lot of work, though...

-Jack
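
A sketch of the permission hook described in the message above, as an added example that is not part of the original e-mail or of monotone's code. The names normalize, policy, guard and guarded, the allowed roots and the program allowlist are all hypothetical, and the sample paths and commands are constructed.

```lua
-- Added example: hypothetical names, constructed sample values.
local ALLOWED_ROOTS = { "/home/user/workspace", "/tmp" }  -- workspace + temp dir
local ALLOWED_PROGRAMS = { diff = true, merge = true }    -- os.execute allowlist

-- Lexically resolve "." and ".." so "/tmp/../etc/passwd" cannot pass a prefix
-- check. Symlinks are NOT resolved: plain Lua has no realpath().
local function normalize(path)
  if path:sub(1, 1) ~= "/" then return nil end  -- relative path: deny
  local parts = {}
  for seg in path:gmatch("[^/]+") do
    if seg == ".." then table.remove(parts)
    elseif seg ~= "." then parts[#parts + 1] = seg end
  end
  return "/" .. table.concat(parts, "/")
end

-- The trusted hook: receives the operation and its argument, returns true/false.
local function policy(op, arg)
  if type(arg) ~= "string" then return false end
  if op == "execute" then
    -- os.execute goes through the shell, so also refuse shell metacharacters.
    local prog = arg:match("^(%S+)")
    return prog ~= nil and ALLOWED_PROGRAMS[prog] == true
      and not arg:find("[;&|`%$<>%(%)\n]")
  end
  local p = normalize(arg)
  if not p then return false end
  for _, root in ipairs(ALLOWED_ROOTS) do
    -- Compare with a trailing "/" so "/tmp2" does not match root "/tmp".
    if p == root or p:sub(1, #root + 1) == root .. "/" then return true end
  end
  return false
end

-- Wrap a primitive so the policy is consulted before the real call is made.
local function guard(op, fn)
  return function(arg, ...)
    if not policy(op, arg) then return nil, op .. " denied: " .. tostring(arg) end
    return fn(arg, ...)
  end
end

-- Table handed to untrusted hooks in place of the real os/io functions.
local guarded = { remove = guard("remove", os.remove),
                  execute = guard("execute", os.execute),
                  open = guard("open", io.open) }

-- Constructed inputs; every one is denied, so no real operation is performed.
for _, c in ipairs({ { "remove", "/tmp/../etc/passwd" }, { "execute", "diff a b; touch /etc/x" },
                     { "open", "/home/user/workspaces/x" }, { "execute", "sh -c id" } }) do
  print(c[1], select(2, guarded[c[1]](c[2])))
end
```

The wrappers only constrain hooks if the hook environment exposes guarded and not the original os and io tables.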