Questions about Customization Dirs

Bert Freudenberg bert at freudenbergs.de
Wed Jun 11 07:26:41 EDT 2008


On 11.06.2008, at 05:57, Michael Stone wrote:

>
> A while ago, Walter mentioned that we'd like to be able to customize  
> things
> like keyboard and internationalization settings. These settings are  
> loaded by a
> program called 'olpc-session' maintained in the olpc-utils package.
>
> Unfortunately, when I set out to implement support for this feature, I
> discovered two questions which I couldn't answer:
>
> 1) What should we call the customizations directory?
>
>   ~/customizations
>   ~/.customizations
>   ~/.envdir ?
>   ~/<your suggestion here>

Why not

~/.olpc

or

~/.olpcsession

which would match the "olpc-session" program name?


> 2) How should we process the contents?
>
>   At present, olpc-session _sources_ ~/.kbd and ~/.i18n. If we  
> permit these
>   files to be modified by customization key, then we have  
> immediately offered
>   any attacker a root-level shell injection attack available on the  
> next
>   reboot.
>
>   Can we force these files to match strict (safe) regular expressions?
>
>   Should we write a careful parser for the intended values?
>
>   Other options?


Good catch. Do we need anything more than setting variables? If not, a  
parser should be reasonably simple to write (and certainly someone has  
done so before).

- Bert -





More information about the Devel mailing list