Author: intrigeri Date: To: The Tails public development discussion list Subject: Re: [Tails-dev] Please test pre-commit hook for po files
u: > intrigeri:
>> u:
>>> ln -s ../../wiki/src/contribute/l10n_tricks/pre-commit .
>>
>> This caught my eye before I could test this.
>>
>> I'd rather not ask all Tails contributors to run code, on every
>> commit, that lives in a section of our website that's publicly
>> writable. Please consider moving this script to bin/ :) > With a notion of 'public' that allows only some people to write here, right?
In theory, yes. I was definitely over-simplifying things above.
You seem to be interested in the longer version of my reasoning so
I'll write it up:
- I believe that the only thing that prevent ikiwiki.cgi from
allowing anyone with an Internet connection to edit arbitrary files
under wiki/src/ is our lockedit plugin configuration.
There's already been security issues in this part of the ikiwiki
code so I'd rather not rely on it when we can cheaply avoid it.
- For various reasons we tend to review changes under wiki/src/ less
carefully than other changes so if someone exploited an ikiwiki bug
and modified that pre-commit hook, chances are their code would run
on a number of our systems before someone notices the problem.
So yeah, in theory, assuming no software bugs, it's safe to put such
code under wiki/src/; but it increases attack surface a fair bit, with
no substantial benefit I can think of, so let's err on the safe side,
as you did already, thanks!
Now, this hook runs wiki/src/contribute/l10n_tricks/check_po.sh so the
problem I'm describing above is still there. This could not fixed in
pre-commit hook by calling submodules/jenkins-tools/slaves/check_po
directly instead of going through the symlink.
> I moved it to bin/ and will resend the email now.