Questions about Customization Dirs
Dafydd Harries
dafydd.harries at collabora.co.uk
Wed Jun 11 14:55:30 EDT 2008
Ar 10/06/2008 am 23:57, ysgrifennodd Michael Stone:
>
> A while ago, Walter mentioned that we'd like to be able to customize things
> like keyboard and internationalization settings. These settings are loaded by a
> program called 'olpc-session' maintained in the olpc-utils package.
>
> Unfortunately, when I set out to implement support for this feature, I
> discovered two questions which I couldn't answer:
>
> 1) What should we call the customizations directory?
>
> ~/customizations
> ~/.customizations
> ~/.envdir ?
> ~/<your suggestion here>
I lean towards preferring .-prefixed names.
> 2) How should we process the contents?
>
> At present, olpc-session _sources_ ~/.kbd and ~/.i18n. If we permit these
> files to be modified by customization key, then we have immediately offered
> any attacker a root-level shell injection attack available on the next
> reboot.
>
> Can we force these files to match strict (safe) regular expressions?
Seems like an entirely reasonable requirement...
> Should we write a careful parser for the intended values?
...therefore this should be doable.
--
Dafydd
More information about the Devel
mailing list