Questions about Customization Dirs
Bert Freudenberg
bert at freudenbergs.de
Wed Jun 11 07:26:41 EDT 2008
On 11.06.2008, at 05:57, Michael Stone wrote:
>
> A while ago, Walter mentioned that we'd like to be able to customize
> things
> like keyboard and internationalization settings. These settings are
> loaded by a
> program called 'olpc-session' maintained in the olpc-utils package.
>
> Unfortunately, when I set out to implement support for this feature, I
> discovered two questions which I couldn't answer:
>
> 1) What should we call the customizations directory?
>
> ~/customizations
> ~/.customizations
> ~/.envdir ?
> ~/<your suggestion here>
Why not
~/.olpc
or
~/.olpcsession
which would match the "olpc-session" program name?
> 2) How should we process the contents?
>
> At present, olpc-session _sources_ ~/.kbd and ~/.i18n. If we
> permit these
> files to be modified by customization key, then we have
> immediately offered
> any attacker a root-level shell injection attack available on the
> next
> reboot.
>
> Can we force these files to match strict (safe) regular expressions?
>
> Should we write a careful parser for the intended values?
>
> Other options?
Good catch. Do we need anything more than setting variables? If not, a
parser should be reasonably simple to write (and certainly someone has
done so before).
- Bert -
More information about the Devel
mailing list