[PATCH 06/10] parser: Use full regexps for delegation rules paths
Finucane, Stephen
stephen.finucane at intel.com
Thu Jan 7 04:17:09 AEDT 2016
On 05 Jan 09:38, Johannes Berg wrote:
> On Mon, 2016-01-04 at 10:00 +0000, Finucane, Stephen wrote:
>
> > > I agree with your concerns but haven't given them a thought to be honest.
> > > Right now only patchwork admins can changes the rules, but as you mention we
> > > might not trust them.
>
> Frankly, I'm not quite sure of the permissions model, and even what
> "admin" means.
>
> I'm "maintainer" of the linux-wireless project on the kernel.org
> patchwork, and in that role I think I should be able to change the
> auto-delegate settings.
> However, the kernel.org server admin might not trust me with arbitrary
> regexps.
>
> > Could we use fnmatch instead? This is the suggestion on StackOverflow
> > [1] and
> > documentation for the function suggests that the grammar is a very
> > simple one
> > without the possibility for backrefs or other "dangerous" things [2].
>
> I see no problem with that.
>
> johannes
Actually, this patch adds regex support in place of the fnmatch already
used. In light of the security risks, I'm reluctant to add support for
this in its current form. Far as I see it, we can either avoid regex
support or if it's valuable enough to include, make it an optional
feature that can be enabled/disabled accordingly. I'd rather the former
for simplicity, though I don't have any visibility into how useful this
is so I'd like input. Thoughts?
Stephen
More information about the Patchwork
mailing list