-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
On Thu, Jul 23, 2020 at 05:45:56PM +0000, WillyPillow wrote:
> One issue is that from the qrexec client side it is basically impossible to
> distinguish between the two. (Consider the case where a field contains
> `xxx\na:b:c`.)
If there are more colons that there are supposed to be, there is no need to
distinguish anything anymore, just error out for "malformed input" or
something.
In Python I like to do it with tuple assingment:
try:
field1, field2, field3 = untrusted_line.split(':')
except TypeError:
raise ParseError('error message')
It's as simple as that. The big advantage is that there aren't many ways to do
something wrong.
> Security-wise, this is unlikely to cause issues as an entity that can do this
> can probably modify the repo contents directly.
The point is, we don't know. The repo content is untrusted, and yes, attacker
can modify it. What counts is signature on RPM.
> However, if the repo, by accident, does contain packages with, say, colons in
> summaries, it may be an issue usability-wise as it's hard to give meaningful
> error messages when things break.
"Malformed input" is OK. If we break loudly, template maintainers (the honest
among them) won't publish such summary, because it will break.
> There's also the original issue with descriptions (assuming that we don't omit
> them), which contains newlines a lot of the time.
>
> That being said, if we treat such errors as "repo errors" and leave to the
> repo
> maintainers to ensure that the fields follow a certain format, then we can
> just
> use a special character for the separator [5] and ban the character from the
> fields.
Yes, and IIUC the current proposal is to have ':' as that special character.
Am I missing something?
> [5]: The separator may also need to be placed at the end of the format string.
I don't think so.
- --
pozdrawiam / best regards
Wojtek Porczyk
Graphene / Invisible Things Lab
I do not fear computers,
I fear lack of them.
-- Isaac Asimov
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCgAdFiEEaO0VFfpr0tEF6hYkv2vZMhA6I1EFAl8bCdQACgkQv2vZMhA6
I1ElCw/8DBbV8tFs46g/7YKvGOES16ajMbV696vX4TP9rl/uJr8BZWQCu//lfJWe
XZkI4YzNn/ntL9Nb7OEcMDEPiWCMOAD86yl5mcVdYPkgDssFBBdF6hxITqyGQDfc
pYbL11v2L7P1EFWYIfrsJ8cLkQ70qgUPTc8beVGqP9DA/q2hdYnIEDdML1BWqXh6
2nWKbYAeaVj4jeWHvEjvMkvv/mLMfsyE7epZM1I2un7LbYFxBXp/+OKfmHO/+/kV
2c4xuGr0d/8IbtZsIYn+n61YfajE4idITdio3c2uxibN+FVmovWYdDeFRJSJS0FW
8iJOg/kc4nCjocNYh5CHK3HVF/geW/2GzAa/Bjip5FdnJFQNBtjlMfP2uh/2Mg2p
qyZGRYG2/cwZw67WQd/v5Wj0ZnDyyGjHdCUGo8EICIsf/fNG80Pp0gpwRwal6naZ
b5A2y4GrSBSVR85p8HNO9GROWGQW4ObQLJwQbmzav9KrSGCXq9EBF4XlQTNhaKw8
qHCi9YnPw1ph4bsailQRDB+AKOhgzo761Ne5XPjU0uFJlERz+CEadNs5c+Mjw3vv
nTXHANkqelDru8R4t5MJizcxBa29cq8WxS2hS5PC79zxAVPwfDjGVYTAnIOYAG0S
tJ5U9E4QQPDo2VzMH1XHcfM0h4K4Y4qA+kW33GP0n2xRSrh0zus=
=Dusq
-----END PGP SIGNATURE-----
--
You received this message because you are subscribed to the Google Groups
"qubes-devel" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to qubes-devel+unsubscr...@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/qubes-devel/20200724161828.GE2122%40invisiblethingslab.com.
