Re: gEDA-bug: [Bug 700333] Re: Local configuration should be parsed, not evaluated
On Thursday 13 January 2011 19:59:20 you wrote:
> Spec looks ok - I guess you wanted it to map nicely to GKeyFile or similar
> "ini" file structure. How about Scheme hooks? s-expr evaluation would be
> difficult here, and config file would accommodate this type of data. Maybe
> a config value with list of extra Scheme files to load - it would have to
> be forbidden/ignored in the "per project" configuration context.

That's correct; my current plan is to use GKeyFile as the storage layer. But
I'd quite like to hide the underlying implementation from the API user, so
that if it comes up towards 1.8.0 and we realise that GKeyFile doesn't cut the
mustard then we only have to change libgeda. ;-)

For per-project Scheme code, my current plan was to allow all config files to
specify plugins to load, but to only allow setting the plugin search path in
user and system config files. I.e. you should have to get the user to install
your nasty Scheme code in an approved plugins directory *and* get them to load
your dodgy gEDA files. Nothing in a config file should *ever* be evaluated.

Once the API spec is done we need to go through *all* the existing "things
people can do in rc files" and work out whether they can be migrated directly,
or whether other changes are needed to facilitate the change (for example,
component libraries, colour maps and print paper sizes all need to have their
underlying mechanisms looked at & possibly altered). That'll give us a check
on whether the new config API can actually fulfil all of the roles that it
needs to fill, and, as a side benefit, will provide the information we need to
implement a migration tool to help users upgrade.

It's going to be pretty dull work, unfortunately, but I think it's important
to make sure that if we're going to rip out the existing configuration system
we replace it with something that's going to do the job and do it well!
--
You received this bug notification because you are a member of gEDA Bug
Team, which is a direct subscriber.
https://bugs.launchpad.net/bugs/700333
Title:
Local configuration should be parsed, not evaluated
Status in GPL Electronic Design Automation tools:
Confirmed
Bug description:
affects geda
security yes
private no
done
Currently, per-directory rc files are evaluated as Scheme scripts. This
is an arbitrary code execution security risk. For example, users (and
in particular *new* users) are likely to want to download and open
designs from elsewhere, and almost all designs include a 'gafrc' file to
set up per-project component libraries.
Instead of being evaluated, local configuration files should be parsed.
This way it would be much harder to craft malicious designs.
An example of a parsable configuration file format is the resource file
format used by PCB.
In addition, a tool should be developed for migrating existing designs'
rc files to the new configuration system.
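
The policy described in the reply above (any config file may name plugins to load, only user and system files may set the plugin search path, and nothing is evaluated), as an added example that is not gEDA code and not part of the original message. Python's `configparser` stands in for GKeyFile; the `[plugins]` section, its `search-path` and `load` keys, the directory names and the `.scm` suffix are all assumptions made for illustration.

```python
import configparser
from pathlib import PurePosixPath

TRUSTED = {"system", "user"}  # contexts allowed to set the plugin search path

# Constructed sample files (hypothetical keys and paths, not gEDA's format).
SYSTEM = "[plugins]\nsearch-path=/opt/example/plugins\n"
USER = ("[plugins]\nsearch-path=/opt/example/plugins;"
        "/home/alice/.config/example/plugins\nload=netlist-helper\n")
PROJECT = "[plugins]\nsearch-path=./evil\nload=bom-export;../evil/payload\n"

def merge_configs(sources):
    """sources: ordered (context, ini_text) pairs, lowest precedence first.
    Returns (search_path, plugins, rejected). Values are only ever parsed
    as strings; nothing read from a file is evaluated."""
    search_path, plugins, rejected = [], [], []
    for context, text in sources:
        cp = configparser.ConfigParser(interpolation=None)
        cp.read_string(text)
        if not cp.has_section("plugins"):
            continue
        sec = cp["plugins"]
        if "search-path" in sec:
            if context in TRUSTED:
                search_path = [p for p in sec["search-path"].split(";") if p]
            else:
                # A per-project file may not redirect where plugins come from.
                rejected.append((context, "search-path", sec["search-path"]))
        for name in filter(None, sec.get("load", "").split(";")):
            # Plugins are requested by bare name, never by path, so a project
            # file cannot reach outside the approved directories.
            if name.replace("-", "").replace("_", "").isalnum():
                plugins.append(name)
            else:
                rejected.append((context, "load", name))
    return search_path, plugins, rejected

def resolve(search_path, plugins):
    """Map each requested plugin to candidate files in approved directories."""
    return {n: [str(PurePosixPath(d) / f"{n}.scm") for d in search_path]
            for n in plugins}

if __name__ == "__main__":
    path, wanted, bad = merge_configs(
        [("system", SYSTEM), ("user", USER), ("project", PROJECT)])
    print(resolve(path, wanted))
    print("rejected:", bad)
```

The `rejected` list is worth logging: an untrusted design that tries to set the search path or load a path-like plugin name is a signal in its own right.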