[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Monotone-devel] popen replacement
|
From: |
Timothy Brownawell |
|
Subject: |
Re: [Monotone-devel] popen replacement |
|
Date: |
Sun, 18 Feb 2007 20:30:39 -0600 |
On Sun, 2007-02-18 at 20:44 +1100, William Uther wrote:
> Hi all,
>
> A while ago I came across the fact that popen was disabled in the
> Lua hooks in monotone for security reasons. Here is a patch that
> replaces it with a security conscious version (like spawn() replaces
> execute()). The 'security consciousness' is simply accepting the
> command as an array of arguments rather than a single string to be
> parsed by the shell.
>
> Returning a FILE* from C functions in Lua is tricky (there is a
> Lua FAQ on just this). This wasn't working for a while, then it was,
> and I don't understand what changed. If someone wants to look at
> that, I wouldn't mind. It would be good if people could test it on a
> bunch of different systems too...
>
> I've only implemented this on Unix. I have no windows knowledge
> or ability to test.
I'm hoping to have time to work on the Windows half moderately soon
(maybe even this week?). I can commit it once that's done.
--
Timothy
Free (experimental) public monotone hosting: http://mtn-host.prjek.net