[Patch] Updated support for external command handlers

Martin Pool mbp at sourcefrog.net
Tue May 10 01:53:57 BST 2005


On  9 May 2005, John A Meinel <john at arbash-meinel.com> wrote:
> Michael Ellerman wrote:

> >Before anyone picks me up on it .. I didn't add support for
> >external commands in 'bzr help commands', because that would
> >require blindly running everything in the $BZRPATH, which could be
> >dangerous, eg.

I think we can just list their names without description.

> >$ export BZRPATH=~/bin
> >$ cat ~/bin/delete-home-directory
> >#!/bin/bash
> >rm -rf ~

:-)

> I can think of a fix if you only do python scripts. First, things would
> be an import rather than a run, which is still a type of execute, but
> not as likely to remove your home directory.

The whole point of this patch (discussed before you joined, I think) is
to allow people to write non-Python scripts.  For Python scripts we
can just import them and use the Command interface or something
similar.

> Second advantage is that you know it will be a text file, so you can
> require the second line to be '# bzr script 1 0' or some such thing.
> This gives you a version, and guarantees the file realizes it will be
> run by bzr.

zsh does this for completion scripts, but that's kind of special
because they know they'll be written in zsh and there is no better way 
to define this interface.  

But we can't require that it be a text file -- perverse though it
sounds, some people may want to script Python from C.

> I also wonder, though, how you could prevent people from sneaking a file
> that you start auto-executing. The best I could think of is an explicit
> whitelist of extensions that you would support, and it isn't all
> that great.

chmod.

-- 
Martin
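
The approach discussed in this message (list external commands by name only, with the executable bit set by chmod as the opt-in) can be sketched as follows. This is an added example, not part of the original message and not bzr's own code; the function names and the sample files are assumptions constructed for illustration, and only BZRPATH comes from the thread.

```python
import os
import stat
import tempfile


def list_external_commands(bzrpath):
    """Return sorted names of executable regular files found on bzrpath.

    Nothing is executed or imported: only directory listings and stat()
    results are read, so a hostile script on the path is never run.
    """
    names = set()
    for directory in bzrpath.split(os.pathsep):
        if not directory:
            continue  # empty component, e.g. a trailing separator
        try:
            entries = os.listdir(directory)
        except OSError:
            continue  # missing or unreadable directory: skip it
        for entry in entries:
            path = os.path.join(directory, entry)
            try:
                st = os.stat(path)
            except OSError:
                continue  # dangling symlink or file removed meanwhile
            if not stat.S_ISREG(st.st_mode):
                continue  # directories, sockets, devices are not commands
            # The executable bit is the owner's explicit opt-in (chmod).
            if st.st_mode & (stat.S_IXUSR | stat.S_IXGRP | stat.S_IXOTH):
                names.add(entry)
    return sorted(names)


def demo():
    """Build a constructed BZRPATH directory and list it (sample data)."""
    with tempfile.TemporaryDirectory() as d:
        samples = (("delete-home-directory", 0o755), ("notes.txt", 0o644))
        for name, mode in samples:
            path = os.path.join(d, name)
            with open(path, "w") as f:
                f.write("#!/bin/sh\n# constructed sample, never run\n")
            os.chmod(path, mode)
        os.mkdir(os.path.join(d, "subdir"))
        return list_external_commands(d)


if __name__ == "__main__":
    print(demo())
```

The executable bit only records that the file's owner marked it runnable; it says nothing about who else can write to the file or to the directories named in BZRPATH.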