On Mon, Jun 11, 2007 at 04:46:50PM +0200, Stanislav Višňovský wrote:
Dňa Po 11. Jún 2007 16:31 Duncan Mac-Vicar Prett napísal:
- url variables "plugins": -> provide the basc ones built-in (arch, releasever, etc) -> in zypp.conf [url-variables] foo=/somescript.sh
or by convention (just drop a script in /etc/zypp/urlvars/foo )
I expect the location to be root-writeable only ;-) This might be a big security hole if done improperly.
Yes, remember that with yast2-metapackage-handler.rpm and related browser enablement, the user can cause much processing of untrusted data before being asked for confirmation. We should explicitly drop root privileges for the variable plugins, plus watch out for a DoS. -- Martin Vidner, YaST developer http://en.opensuse.org/User:Mvidner Kuracke oddeleni v restauraci je jako fekalni oddeleni v bazenu -- To unsubscribe, e-mail: zypp-devel+unsubscribe@opensuse.org For additional commands, e-mail: zypp-devel+help@opensuse.org