[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Bug#170069: ITP: grunt -- Secure remote execution via UUCP or e-mail using GPG



On Fri, Nov 22, 2002 at 12:43:28AM -0500, Joey Hess wrote:
> This could me especially amusing if the first, delayed email was:
> 
>   cd /tmp
> 
> And the second was:
> 
>   rm -rf *
> 
> (Dumb contrived example, but you get the idea.)

I think the lesson here is that grunt is not a transparent
replacement, for say ssh, but a tool that you have to think about
using before using it.

So, you could include both commands in the one email, and it
would be OK.

Or you could include the full path in the second E-Mail, and assuming it
isn't tricked by any of these race conditions surrounding /tmp, then it
would be OK too.

Yes, it is a dumb contrived example, I don't think grunt would preserve
the current working directory...

So you might have serious problems even if the order of the messages
was correct.
--
Brian May <bam@debian.org>



Reply to: