Hi Ander, On Fri, Nov 13, 2015 at 05:05:09PM +0200, Ander Conselvan de Oliveira wrote: > Introduce DIM_POST_APPLY_ACTION to dimrc that allows the user to specify > a command to be run after a patch is applied. Use eval so enviroment > variables can be overriden with the option. For example: > > DIM_POST_APPLY_ACTION="EDITOR=\"gedit -w\" git commit --amend" So an attacker wishing to smuggle a backdoor into the Linux kernel only needs to find a way to modify that environment variable on an Intel developers' machine. If dim is invoked with $EDITOR set, this should be inherited to child processes anyway, so it seems unnecessary to call eval. Just my 2 cents, Lukas > > Signed-off-by: Ander Conselvan de Oliveira <ander.conselvan.de.oliveira@xxxxxxxxx> > --- > dim | 2 +- > dimrc.sample | 3 +++ > 2 files changed, 4 insertions(+), 1 deletion(-) > > diff --git a/dim b/dim > index db92c57..b7c7ef7 100755 > --- a/dim > +++ b/dim > @@ -383,7 +383,7 @@ function dim_apply > commit_add_tag "Link" "http://patchwork.freedesktop.org/patch/msgid/$message_id"; > fi > > - git commit --amend & > + eval $DRY $DIM_POST_APPLY_ACTION > } > > function magic_patch > diff --git a/dimrc.sample b/dimrc.sample > index 5687eaf..9f30cb2 100644 > --- a/dimrc.sample > +++ b/dimrc.sample > @@ -21,3 +21,6 @@ > # Mail User Agent supporting a subset of mutt(1) command line options: > # [-s subject] [-i file] [-c cc-addr] to-addr [...] > #DIM_MUA=mutt > + > +# Command to run after dim apply > +#DIM_POST_APPLY_ACTION=git commit --amend > -- > 2.4.3 > > _______________________________________________ > Intel-gfx mailing list > Intel-gfx@xxxxxxxxxxxxxxxxxxxxx > http://lists.freedesktop.org/mailman/listinfo/intel-gfx _______________________________________________ Intel-gfx mailing list Intel-gfx@xxxxxxxxxxxxxxxxxxxxx http://lists.freedesktop.org/mailman/listinfo/intel-gfx
