
Some questions about the Sandbox.pm:

  1. why do readFromProcessArray and readFromProcess have different interfaces
  2. why does readFromProcessArray exist anyway
  3. can we have a SandboxContrib.pm for Cairo (OT)
  4. will there be a security release for Cairo that makes use of the Sandbox stuff wherever possible (OT)
  5. what about all the FIXMEs: who takes care of that?
  6. there are different flavours of communication with external processes depending on what the platform supports; some of that stuff is marked as non-functional; who will test?

Bottom line: we must assure Dakar's security mechanism. This stuff isn't ready yet.

-- TWiki:Main.MichaelDaum

The sandbox code is a bit of a mess. It looks like the safe pipes were implemented, and the rest left hanging. Note that even the safe pipes code isn't right; it throws away STDERR. - TWiki:Main.MichaelDaum

While we're on the topic, error reporting from RcsWrap upwards is done using a mixture of error returns and exceptions. The error returns are rarely checked, so there are probably errors in there being ignored. This is unforgivable.

CC

Done, SVN 4560.

  1. Moved all methods with knowledge of the file system into the store impl modules (Rcs*).
  2. Changed all error reporting and trapping from store to use exceptions
  3. Fixed all (I hope) the bugs that it revealed.
  4. One of the main things fixed was the Sandbox. I have been unable to test on Windows, but judging from comments on the web it should work now with ActiveState Perl. There were several errors.
  5. Changed the RCS methods so that they no longer do 'last minute' untainting. Instead, untainting is done when the data is first read, which avoids the risk of tainted data propagating through the system. The new UNTAINTED method in Assert is a big help there.
  6. Had to rewrite the TestFixturePlugin to parse the HTML for differencing, as HTML::Diff (the CPAN module) was crashing on unbalanced tags.
  7. Updated and ran all tests and TestCases.

Unit tests all pass, testcases all pass, and exercising the code seems to be OK, but this check in is almost certain to highlight more existing errors in the code that were not being detected previously.

CC
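
The Perl sketch below is an added example, not code from Sandbox.pm or SVN 4560. It illustrates three points raised in this thread: a pipe that execs the command in list form so no shell is involved, STDERR kept rather than thrown away, and untainting done once where the data first enters. The names `untaint_filename` and `read_from_process`, the file-name pattern, the use of plain `die` for exceptions and the `/bin/ls` call are assumptions made for illustration.

```perl
# Run as: perl -T example.pl SomeTopic.txt   (taint mode makes the checks mandatory)
use strict;
use warnings;

$ENV{PATH} = '/bin:/usr/bin';               # taint mode refuses exec with a tainted PATH
delete @ENV{qw(IFS CDPATH ENV BASH_ENV)};

# Hypothetical helper: untaint at the point of entry, not just before use.
# Only a conservative file-name pattern is accepted; anything else is an exception.
sub untaint_filename {
    my ($name) = @_;
    return $1 if defined $name && $name =~ /^([A-Za-z0-9_][A-Za-z0-9_.-]*)$/;
    die "rejected file name\n";
}

# Hypothetical helper: run a command without a shell.
# Returns (exit status, combined STDOUT and STDERR).
sub read_from_process {
    my ($cmd, @args) = @_;
    my $pid = open(my $out, '-|');          # implicit fork; child's STDOUT is piped to us
    die "fork failed: $!\n" unless defined $pid;
    if ($pid == 0) {                        # child
        open(STDERR, '>&', \*STDOUT) or exit 126;   # keep STDERR instead of discarding it
        exec { $cmd } $cmd, @args;          # list form: arguments never reach a shell
        exit 127;                           # only reached if exec failed
    }
    local $/;                               # slurp all of the child's output
    my $data = <$out>;
    close($out);                            # waits for the child and sets $?
    return ($? >> 8, defined $data ? $data : '');
}

# Constructed sample input: the default name is made up; @ARGV is tainted under -T.
my $file = untaint_filename(shift(@ARGV) // 'WebHome.txt');
my ($status, $output) = read_from_process('/bin/ls', '-l', '--', $file);

# Failures surface as exceptions carrying the command's own error text,
# rather than as return codes that callers may forget to check.
die "ls failed ($status): $output" if $status;
print $output;
```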

ItemTemplate
Summary Fix the sandbox, and error reporting.
ReportedBy TWiki:Main.MichaelDaum
Priority Urgent
CurrentState Closed
WaitingFor

Topic revision: r4 - 2005-07-11 - TWikiGuest