[RFC PATCH v2 0/1] Introduce UCI support for configuring DSA VLAN filter rules

mail at adrianschmutzler.de mail at adrianschmutzler.de
Wed Jul 15 08:38:14 EDT 2020


> -----Original Message-----
> From: openwrt-devel [mailto:openwrt-devel-bounces at lists.openwrt.org]
> On Behalf Of Jo-Philipp Wich
> Sent: Mittwoch, 15. Juli 2020 14:19
> To: mail at adrianschmutzler.de; openwrt-devel at lists.openwrt.org
> Subject: Re: [RFC PATCH v2 0/1] Introduce UCI support for configuring DSA
> VLAN filter rules
> 
> Hi,
> 
> > I'm not sure whether using an asterisk is wise here, as it might pose
> > interesting problems when people use scripts to set/evaluate uci
> > config (as you have to be extra careful to not have it treated as a
> > wildcard.) I'd be happy if we could find another symbol here.
> 
> hm, can you elaborate on the problem here? Scripts which use uci values
> verbatim without quoting are prone to any kind of shell injection flaws, not
> sure if papering over such deficiencies is the way to go here.

I'm not having a specific case in mind; and of course you are right about unquoted values.
However, I just tend to not use certain special characters as a symbol without need as there always will be a case where "problems" show up later. For example, one might create interesting effects when using sed on uci config values (same would be true for the dot in swconfig at the moment, I admit).

Of course, this is just for consideration, I won't insist on it if you think the asterisk is a superior solution here.

Best

Adrian

> 
> ~ Jo
-------------- next part --------------
A non-text attachment was scrubbed...
Name: openpgp-digital-signature.asc
Type: application/pgp-signature
Size: 834 bytes
Desc: not available
URL: <http://lists.openwrt.org/pipermail/openwrt-devel/attachments/20200715/96a27e8c/attachment.sig>


More information about the openwrt-devel mailing list