On Thu, Nov 18, 2010 at 02:11:30PM +0100, Mathieu Arnold wrote: > +--On 18 novembre 2010 12:29:25 +0000 "Richard W.M. Jones" > <[email protected]> wrote: > | Question is, who is responsible for stopping that from happening? I > | think the answer should involve Augeas, either doing the escaping, or > | providing hints to upper layers so we know what to escape. > > I don't think Augeas should too to much things, I see it as a very nice and > consistent way to access files, but in the end, it's me (as in the one > using Augeas) who knows what should go in those files thus sanitizing the > user input so that it does not unleash hell. > > For instance, a hostname coming from a user will always have to match > /^[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?(?:\.[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?)$/i > because it's what a hostname should look like at the end of the day. > > But I might (for some strange reason I can't fathom yet) want to do > something like : > hostname="`ifconfig | awk '/ether/ {gsub(\":\", \"\", $2); print $2; > exit}'`.absolight.net" > > And I would really like to be able to do the second with Augeas :-)
Indeed, hence my other suggestion that Augeas could pass some typing information (like a phantom type, in fact) up to callers so they know that the this field is not merely a string, but a string that the shell will interpret. This would allow both escaping (my case) and extended shell functionality (your case). Rich. -- Richard Jones, Virtualization Group, Red Hat http://people.redhat.com/~rjones virt-df lists disk usage of guests without needing to install any software inside the virtual machine. Supports Linux and Windows. http://et.redhat.com/~rjones/virt-df/ _______________________________________________ augeas-devel mailing list [email protected] https://www.redhat.com/mailman/listinfo/augeas-devel
