[augeas-devel] FreeBSD /etc/rc.conf
Richard W.M. Jones
rjones at redhat.com
Thu Nov 18 13:23:22 UTC 2010
On Thu, Nov 18, 2010 at 02:11:30PM +0100, Mathieu Arnold wrote:
> +--On 18 novembre 2010 12:29:25 +0000 "Richard W.M. Jones"
> <rjones at redhat.com> wrote:
> | Question is, who is responsible for stopping that from happening? I
> | think the answer should involve Augeas, either doing the escaping, or
> | providing hints to upper layers so we know what to escape.
>
> I don't think Augeas should too to much things, I see it as a very nice and
> consistent way to access files, but in the end, it's me (as in the one
> using Augeas) who knows what should go in those files thus sanitizing the
> user input so that it does not unleash hell.
>
> For instance, a hostname coming from a user will always have to match
> /^[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?(?:\.[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?)$/i
> because it's what a hostname should look like at the end of the day.
>
> But I might (for some strange reason I can't fathom yet) want to do
> something like :
> hostname="`ifconfig | awk '/ether/ {gsub(\":\", \"\", $2); print $2;
> exit}'`.absolight.net"
>
> And I would really like to be able to do the second with Augeas :-)
Indeed, hence my other suggestion that Augeas could pass some typing
information (like a phantom type, in fact) up to callers so they know
that the this field is not merely a string, but a string that the
shell will interpret. This would allow both escaping (my case) and
extended shell functionality (your case).
Rich.
--
Richard Jones, Virtualization Group, Red Hat http://people.redhat.com/~rjones
virt-df lists disk usage of guests without needing to install any
software inside the virtual machine. Supports Linux and Windows.
http://et.redhat.com/~rjones/virt-df/
More information about the augeas-devel
mailing list