| 1 |
-----BEGIN PGP SIGNED MESSAGE----- |
| 2 |
Hash: SHA1 |
| 3 |
|
| 4 |
On 05/12/2014 01:08 PM, Micha³ Górny wrote: |
| 5 |
> Dnia 2014-05-12, o godz. 12:07:11 |
| 6 |
> "Rick \"Zero_Chaos\" Farina" <zerochaos@g.o> napisa³(a): |
| 7 |
> |
| 8 |
>> What about talking to local network resources? In my metasploit ebuild |
| 9 |
>> it has tests available which talk to a local database and are perfectly |
| 10 |
>> safe, however, if postgresql is started on the system the tests don't |
| 11 |
>> work, the ebuild needs to start it's own postgresql to run the tests. |
| 12 |
> |
| 13 |
> How can you assume that the tests are perfectly safe? What do the tests |
| 14 |
> do exactly? |
| 15 |
> |
| 16 |
|
| 17 |
As stated just below, the tests are not poorly written. All testing is |
| 18 |
done in a test DB which is different from the production DB. |
| 19 |
|
| 20 |
>> This seems a bit needless in my package, but likely saves others from |
| 21 |
>> poorly written tests. Do we want to allow access to system network |
| 22 |
>> services or block them? Right now they are blocked, and that's going to |
| 23 |
>> make the src_test function on my ebuild expand into near insanity to fix. |
| 24 |
> |
| 25 |
> I'd rather not get into allowing exceptions for the rule without |
| 26 |
> knowing a good use case first. I can expand on that once the previous |
| 27 |
> question is answered. |
| 28 |
> |
| 29 |
I wouldn't necessarily ask for this either, I'm just bringing to the |
| 30 |
attention of the ML as this could be an issue for more than metasploit |
| 31 |
and pymongodb. |
| 32 |
|
| 33 |
> I wouldn't call spawning a daemon that close to insanity. For those who |
| 34 |
> haven't seen such a thing yet -- dev-python/pymongo is an example where |
| 35 |
> I fixed a similar issue (writing into production database). Though it's |
| 36 |
> bit hacky since I needed a way to bind to a random free port -- with |
| 37 |
> network namespaces it'd be easier as Rich noted, since the ebuild would |
| 38 |
> have all ports free. |
| 39 |
> |
| 40 |
That would be nice, can we do the network namespaces so that I at least |
| 41 |
don't have to bind to a random port? That alone would be a major |
| 42 |
improvement in usability. |
| 43 |
|
| 44 |
Personally, I would love to be able to talk to localhost outside the |
| 45 |
ebuild, but if everyone agrees that is too dangerous then I don't feel I |
| 46 |
am qualified to disagree. |
| 47 |
|
| 48 |
- -Zero |
| 49 |
-----BEGIN PGP SIGNATURE----- |
| 50 |
Version: GnuPG v2.0.22 (GNU/Linux) |
| 51 |
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ |
| 52 |
|
| 53 |
iQIcBAEBAgAGBQJTcQNMAAoJEKXdFCfdEflKuNEP/34dIuiPCFLqLBUnCPJDQ3JW |
| 54 |
RVrhfOoqLyyixS18rYqTNeTDBDBrnICtsZ7T47ycs9fKbN81cgSUOrMQw/qai8/v |
| 55 |
jDBPUNb9YTs2BJ22GtNw0OBPbGc81GEBLc36P5etS5ymDPwbThSsSTo90cOiZweS |
| 56 |
IQgHkN0ZUDxmgG/q53GSU1IONZzNU3nSt+yrd90h40Vbo2PuAC4O+fz0m3jEGV5C |
| 57 |
WX+h5W+BCLStPerOV/VNySqQ3uo5poi3wXc3o4ojgpH1ejXo0dJ4fn6KHZxema52 |
| 58 |
JH3K3VSn2Mr60wo/43kDRmA4TtYSNbxMAH2aykAJ3WklZf3a82O0Z+++Sad84zTJ |
| 59 |
khpJwMHJkWAGTRibxpLIQ4lSjuCwAD/WCTHRw2i8PQPWtDJNGETaGFiBwtNZRexe |
| 60 |
2kXZbpr3TqdwfY9WgDU4pB4QpRk7UYKSVgktSIU+yY4zGH6R2LaoUs/uQDntP/1F |
| 61 |
RYtdxV4glZ8qeOq9hmT3hnzVt/Pvj/sm+oPVJRRurz+X5FJIBGUkEFzqIXisE12E |
| 62 |
3xUxsMQfjfOh4Io5y45iQjoYw30GdNU2t47IhTMHy1Cg9ZW5Lodx5qYiXy6JOww9 |
| 63 |
rLXVYa7u8f9emrQZChDd3+OeODU09O/YaakNhHv6gxpcVAOj9G9BMKMh0LHxSY6P |
| 64 |
X0lKgUDxyzYSDNBhaiCn |
| 65 |
=Vi4y |
| 66 |
-----END PGP SIGNATURE----- |
Archives