From: Aaron Bentley
Subject: Re: [Gnu-arch-users] Re: Default version for star-merge (and more)
Date: Tue, 13 Jul 2004 17:54:28 -0400
User-agent: Mozilla Thunderbird 0.5 (X11/20040309)

Tom Lord wrote:
> > From: Aaron Bentley <address@hidden>
> >
> > I suppose a way around the security issue is to *always* have an
> > +aliases, and require the user to do something to copy aliases from
> > =aliases to +aliases.
>
> Better: just be sure that no name (command argument) is interpreted as an alias unless the user uses a very distinctive syntax (e.g., :parent rather than parent).

Oh, I was talking about the security implications of someone replacing an existing alias. Say there was an in-tree alias devo = address@hidden/tla--devo--1.3, and I tricked someone into replacing it with devo = address@hidden/tla--haxored--1.3 by including that change with a bunch of bugfixes.
I've been using prefixless aliases for a while now, and I think as long as valid revision/version names are never expanded, they're pretty safe.
Unfortunately, some commands like "get" can take a category, and categories look a lot like aliases.
Aaron

--
Aaron Bentley
Director of Technology
Panometrics, Inc.
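
A sketch of the two alias policies discussed in this message (the distinctive `:name` syntax and prefixless aliases that never expand valid version names), plus a check that surfaces a replaced alias for review. This is an added example, not code from tla or from the thread; the name grammar, the function names and the `accepts_category` flag are simplifying assumptions.

```python
import re

# Simplified model of arch names, an assumption for this example and not
# tla's real grammar: [archive/]category[--branch--version[--patchlevel]]
_WORD = r"[A-Za-z][A-Za-z0-9]*(?:-[A-Za-z0-9]+)*"
_ARCHIVE = r"(?:[^/\s:]+/)?"
CATEGORY = re.compile(rf"^{_ARCHIVE}{_WORD}$")
VERSION = re.compile(
    rf"^{_ARCHIVE}{_WORD}--{_WORD}--\d+(?:\.\d+)*(?:--[a-z]+-\d+)?$")


class AmbiguousName(ValueError):
    """The argument is both a defined alias and a legal category name."""


def resolve_prefixed(arg, aliases):
    """Policy 1: only ':name' is ever treated as an alias."""
    if arg.startswith(":"):
        return aliases[arg[1:]]  # KeyError for an undefined alias
    return arg  # everything else is passed through verbatim


def resolve_prefixless(arg, aliases, accepts_category=False):
    """Policy 2: bare aliases, but valid version/revision names never expand."""
    if VERSION.match(arg) or arg not in aliases:
        return arg
    # Commands such as "get" also take a category, which looks like an alias;
    # refuse to guess instead of silently picking one meaning.
    if accepts_category and CATEGORY.match(arg):
        raise AmbiguousName(arg)
    return aliases[arg]


def changed_aliases(before, after):
    """Aliases whose target a changeset replaced: {name: (old, new)}."""
    return {name: (before[name], after[name])
            for name in before.keys() & after.keys()
            if before[name] != after[name]}
```

Running `changed_aliases` over the alias file before and after applying a changeset gives the user a list to confirm, which is the review step the replaced-`devo` scenario lacks.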