[Guessnet-devel] [svn] r157 - in trunk: . debian src

Fri Aug 25 18:34:42 UTC 2006

Author: enrico
Date: Fri Aug 25 18:34:20 2006
New Revision: 157

Modified:
   trunk/   (props changed)
   trunk/FAQ
   trunk/debian/changelog
   trunk/src/ProcessRunner.cc
Log:
 r411 at viaza:  enrico | 2006-08-25 19:27:56 +0100
 Removed check for existance of script file and looking for scripts with
 relative paths in the script directory: it did not add security and it was more
 confusing than useful.


Modified: trunk/FAQ
==============================================================================

--- trunk/FAQ	(original)
+++ trunk/FAQ	Fri Aug 25 18:34:20 2006
@@ -216,7 +216,6 @@
 transparent reconfiguration of the network.
 
 
-
 .. _ifupdown: http://packages.debian.org/ifupdown
 .. _ifplugd: http://packages.debian.org/ifplugd
 

Modified: trunk/debian/changelog
==============================================================================
--- trunk/debian/changelog	(original)
+++ trunk/debian/changelog	Fri Aug 25 18:34:20 2006
@@ -1,15 +1,20 @@
 guessnet (0.39-1) unstable; urgency=low
 
-  * Fixed path of arping.  Closes: #384569.
-  * Greatly improved /etc/network/interfaces examples.
-    Thanks Adeodato Simó for the patches.
-  * Applied patch from NMU.  Closes: 357182.
-    Thanks Martin Michlmayr for the patch.
-  * Added an FAQ entry on how to run tests only on some interfaces.
-    Closes: #374326.
+  * New upstream version.
+     + Ported to libwibble.
+     + Fixed path of arping.  Closes: #384569.
+     + Greatly improved /etc/network/interfaces examples.
+       Thanks Adeodato Simó for the patches.
+     + Applied patch from NMU.  Closes: 357182.
+       Thanks Martin Michlmayr for the patch.
+     + Added an FAQ entry on how to run tests only on some interfaces.
+       Closes: #374326.
+     + Removed check for existance of script file and looking for scripts with
+       relative paths in the script directory: it did not add security and
+       it was more confusing than useful.  Closes: #366549.
   * Updated Standards-Version, no change required.
 
- -- Enrico Zini <enrico at debian.org>  Fri, 25 Aug 2006 15:35:39 +0100
+ -- Enrico Zini <enrico at debian.org>  Fri, 25 Aug 2006 19:25:26 +0100
 
 guessnet (0.38-1) unstable; urgency=low
 

Modified: trunk/src/ProcessRunner.cc
==============================================================================
--- trunk/src/ProcessRunner.cc	(original)
+++ trunk/src/ProcessRunner.cc	Fri Aug 25 18:34:20 2006
@@ -73,14 +73,22 @@
 		runner.addArg("/bin/sh");
 		runner.addArg("-c");
 
+		//// This does not make any sense, since we set a reasonable path
+		//
 		// Try to find the command in known locations
-		string cmd = cmdline;
-		if (cmdline[0] != '/')
-		{
-			cmd = string(SCRIPTDIR) + "/" + cmdline;
-		}
-		if (!canRun(cmd))
-			throw wibble::exception::System("checking if " + cmd + " can be executed");
+		//string cmd = cmdline;
+		//if (cmdline[0] != '/')
+		//{
+		//	cmd = string(SCRIPTDIR) + "/" + cmdline;
+		//}
+
+		// This test does not make any sense: it does not add security against
+		// malicious PATHs, since we are executing an arbitrary shell line
+		// which can have pipelines and all sorts of other problems, it
+		// does not add a useful feature, and it adds confusion when users use
+		// relative paths and see guessnet trying to search exotic locations.
+		//if (!canRun(cmd))
+		//	throw wibble::exception::System("checking if " + cmd + " can be executed");
 		runner.addArg(cmd);
 
 		DEBUG("SCRIPT MAIN Running %.*s\n", PFSTR(cmdline));

