[Guessnet-devel] [svn] r157 - in trunk: . debian src
Enrico Zini
enrico at costa.debian.org
Fri Aug 25 18:34:42 UTC 2006
Author: enrico
Date: Fri Aug 25 18:34:20 2006
New Revision: 157
Modified:
trunk/ (props changed)
trunk/FAQ
trunk/debian/changelog
trunk/src/ProcessRunner.cc
Log:
r411 at viaza: enrico | 2006-08-25 19:27:56 +0100
Removed check for existance of script file and looking for scripts with
relative paths in the script directory: it did not add security and it was more
confusing than useful.
Modified: trunk/FAQ
==============================================================================
--- trunk/FAQ (original)
+++ trunk/FAQ Fri Aug 25 18:34:20 2006
@@ -216,7 +216,6 @@
transparent reconfiguration of the network.
-
.. _ifupdown: http://packages.debian.org/ifupdown
.. _ifplugd: http://packages.debian.org/ifplugd
Modified: trunk/debian/changelog
==============================================================================
--- trunk/debian/changelog (original)
+++ trunk/debian/changelog Fri Aug 25 18:34:20 2006
@@ -1,15 +1,20 @@
guessnet (0.39-1) unstable; urgency=low
- * Fixed path of arping. Closes: #384569.
- * Greatly improved /etc/network/interfaces examples.
- Thanks Adeodato Simó for the patches.
- * Applied patch from NMU. Closes: 357182.
- Thanks Martin Michlmayr for the patch.
- * Added an FAQ entry on how to run tests only on some interfaces.
- Closes: #374326.
+ * New upstream version.
+ + Ported to libwibble.
+ + Fixed path of arping. Closes: #384569.
+ + Greatly improved /etc/network/interfaces examples.
+ Thanks Adeodato Simó for the patches.
+ + Applied patch from NMU. Closes: 357182.
+ Thanks Martin Michlmayr for the patch.
+ + Added an FAQ entry on how to run tests only on some interfaces.
+ Closes: #374326.
+ + Removed check for existance of script file and looking for scripts with
+ relative paths in the script directory: it did not add security and
+ it was more confusing than useful. Closes: #366549.
* Updated Standards-Version, no change required.
- -- Enrico Zini <enrico at debian.org> Fri, 25 Aug 2006 15:35:39 +0100
+ -- Enrico Zini <enrico at debian.org> Fri, 25 Aug 2006 19:25:26 +0100
guessnet (0.38-1) unstable; urgency=low
Modified: trunk/src/ProcessRunner.cc
==============================================================================
--- trunk/src/ProcessRunner.cc (original)
+++ trunk/src/ProcessRunner.cc Fri Aug 25 18:34:20 2006
@@ -73,14 +73,22 @@
runner.addArg("/bin/sh");
runner.addArg("-c");
+ //// This does not make any sense, since we set a reasonable path
+ //
// Try to find the command in known locations
- string cmd = cmdline;
- if (cmdline[0] != '/')
- {
- cmd = string(SCRIPTDIR) + "/" + cmdline;
- }
- if (!canRun(cmd))
- throw wibble::exception::System("checking if " + cmd + " can be executed");
+ //string cmd = cmdline;
+ //if (cmdline[0] != '/')
+ //{
+ // cmd = string(SCRIPTDIR) + "/" + cmdline;
+ //}
+
+ // This test does not make any sense: it does not add security against
+ // malicious PATHs, since we are executing an arbitrary shell line
+ // which can have pipelines and all sorts of other problems, it
+ // does not add a useful feature, and it adds confusion when users use
+ // relative paths and see guessnet trying to search exotic locations.
+ //if (!canRun(cmd))
+ // throw wibble::exception::System("checking if " + cmd + " can be executed");
runner.addArg(cmd);
DEBUG("SCRIPT MAIN Running %.*s\n", PFSTR(cmdline));
More information about the Guessnet-devel
mailing list