all messages for Guix-related lists mirrored at yhetil.org
From: Attila Lendvai <attila@lendvai.name>
To: Liliana Marie Prikler <liliana.prikler@ist.tugraz.at>
Cc: 54205@debbugs.gnu.org
Subject: [bug#54205] [PATCH v2] Factor out a public FORK-AND-CALL.
Date: Tue, 01 Mar 2022 13:04:40 +0000
Message-ID: <vLp1kLQb-QdCr3XCYBkbjP27y67IPcL-x2n3AmZFwzbmcIl57X-iO-LH-FDlfvhOetPKEPscDuxdhCPYtUNpcfrcxto1x1-OIr-TAyhSN1Y=@lendvai.name>
In-Reply-To: <ee29e53f40c550969d3a8a046d6f8dda64598a97.camel@ist.tugraz.at>

> In general, I think such capabilities should be added to exec-command,
> rather than resorting to a lambda. It takes a little while to realize
> that call-in-fork, fork-and-call or whatever you want to name it is in
> fact not pure evil; mainly because shepherd could in its stead already
> invoke any lambda you throw at it. That being said, one should always
> be aware that this child process runs with the full permissions of
> shepherd, which you normally don't want to do for a service.


does the above mean that you're concerned about the security implications? if
so, then i don't understand, because Guile already allows calling/accessing
private functions/symbols, and thus this change doesn't really increase the
(already enormous) attack surface in the guile codebase.

it does increase the shoot-oneself-in-the-foot-surface a little bit, though.

it's worth pointing out, though, that trusting a channel, and adding a shepherd
service defined by it to the machine's config, is essentially giving root access
to the channel author. and this is already the case, prior to my change.

BTW, can i not already simply pass 0, or "root" as #:user to EXEC-COMMAND?


> In my opinion, it ought to be
>
> > +(define* (fork+apply proc . args)
> [...]
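
Review bot: the suggested signature `(define* (fork+apply proc . args)` uses `define*` although the visible line has no #:optional or #:key parameters, only a rest argument, so plain `define` would do. If keyword options are meant to be added later, a rest list next to keywords makes it ambiguous whether a keyword belongs to fork+apply or to PROC, so the signature is worth settling now. Given the point raised earlier in this thread that the child runs with shepherd's full permissions, the docstring of the procedure should say so explicitly.
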
>
> WDYT?


makes sense, i'll update the patch... but given the feedback from the two of
you, should i?

i think i'll abandon this, and implement Maxime's #:rlimits suggestion.

i'm not sure how much better that will be, but at least it won't make future
threading harder, and allows me to make progress with my project.

if anyone prefers the FORK+APPLY version, then do speak up!

--
• attila lendvai
• PGP: 963F 5D5F 45C7 DFCD 0A39
--
“An atheist doesn't have to be someone who thinks he has a proof that there can't be a god. He only has to be someone who believes that the evidence on the God question is at a similar level to the evidence on the werewolf question.”
	— John McCarthy (1927–2011), father of Lisp




