On Sun, Jul 10, 2011 at 05:17:49PM -0500, Chris Adams wrote:
> Once upon a time, Matthew Garrett <mjg59@xxxxxxxxxxxxx> said:
> > And that's a bad thing to do. You're sourcing your configuration in an
> > unsanitised environment. There's a huge number of ways that this can go
> > wrong depending on the admin's local configuration, which is clearly
> > undesirable.
>
> And an admin can break a config file. What is the difference? Please
> enumerate some of the "huge number of ways that this can go wrong" in
> real world examples (not made-up things like overriding IFS).

A malformed configuration file will cause a parse error. A malformed
shell script may execute arbitrary code depending on a wide range of
factors that are outside the control of the author. You're obviously
right that this usually won't be a problem, but if you're writing a
configuration file it's also trivially obvious that a restricted grammar
that restricts the behaviour to anything the daemon is designed to do is
technically preferable to one that allows anything to happen. Program
defensively, and do the same for packaging.

--
Matthew Garrett | mjg59@xxxxxxxxxxxxx
--
devel mailing list
devel@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/devel
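
The contrast drawn in the message above, as an added example that is not part of the original post: a POSIX sh reader for a `KEY=value` file whose grammar has no quoting, expansion or command syntax, so a malformed line is a parse error instead of something the shell runs. The key names, file names and the `parse_conf`, `conf_get` and `write_samples` helpers are assumptions for a hypothetical daemon.

```shell
#!/bin/sh
# Added example (not from the original post): read KEY=value settings with a
# restricted grammar instead of sourcing the file with ". file".
# Key names below are assumptions for a hypothetical daemon.
ALLOWED_KEYS="PORT LOGLEVEL DATADIR"

# parse_conf FILE: print validated KEY=value lines. Return 1 at the first line
# that is not blank, a comment, or an allowed KEY=plain-value pair.
parse_conf() {
    n=0
    while IFS= read -r line || [ -n "$line" ]; do
        n=$((n + 1))
        case $line in ''|'#'*) continue ;; esac
        key=${line%%=*} val=${line#*=}
        [ "$key" != "$line" ] || { echo "line $n: missing '='" >&2; return 1; }
        case $key in ''|*[!A-Z_]*) echo "line $n: bad key" >&2; return 1 ;; esac
        case " $ALLOWED_KEYS " in
            *" $key "*) ;;
            *) echo "line $n: unknown key $key" >&2; return 1 ;;
        esac
        # The grammar has no quoting, expansion or command syntax at all:
        # anything outside this character set is a parse error.
        case $val in
            ''|*[!A-Za-z0-9/._-]*) echo "line $n: bad value" >&2; return 1 ;;
        esac
        printf '%s=%s\n' "$key" "$val"
    done < "$1"
}

# conf_get FILE KEY: print KEY's value, but only if the whole file parses.
conf_get() {
    parsed=$(parse_conf "$1") || return 1
    printf '%s\n' "$parsed" | sed -n "s/^$2=//p" | tail -n 1
}

# write_samples DIR: constructed sample inputs for the demonstration.
write_samples() {
    printf '%s\n' '# constructed sample' 'PORT=8080' \
        'DATADIR=/var/lib/exampled' > "$1/good.conf"
    # If sourced, this line would run the substitution; here it cannot parse.
    printf '%s\n' 'PORT=8080' 'DATADIR=$(id -un)' > "$1/bad.conf"
}
```

An init script would call `conf_get` for each setting it needs and refuse to start the daemon when the call returns non-zero.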