X-Authentication-Warning: delorie.com: mail set sender to geda-user-bounces using -f X-Recipient: geda-user AT delorie DOT com DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :content-type; bh=8hDT+AYDcWoBz1/HWTvlI74tcnTPWgdNiulDS97S8/E=; b=cM9XrDxjPGZA3JLEZ2r5ByWxYZvalU745KW+K3WQA1hDzedUrgmS20zFDQt7yoyvIA AExIZvbGNiX04sjKPBeBgL+TQGFxsNuGmg9Nd38w5eoQ5fPuQ++cJcOpjAOvvURc3yFT khJkvid/jl+iPiMCQP3D8DbRDcMDXl1hubYx76GVE25U0n2u7XW4BJPwQeCq/PgeXYeO 6vMDDNbD+puwXy9i/q9Uac2RYCB8NLIcvpt8kIb3xJgXFZTB4NLc2ljZZ+zgwMpgr1Q3 9Rzl87KJfiO+glhJPw85tDV36k6n7vFuKD+JFvBx7LehgtnxI62Qeyg5br786g9PIZbx ApFg== MIME-Version: 1.0 X-Received: by 10.182.103.232 with SMTP id fz8mr880746obb.59.1423189665592; Thu, 05 Feb 2015 18:27:45 -0800 (PST) In-Reply-To: <201502060200.t1620YDd010606@envy.delorie.com> References: <201502060200 DOT t1620YDd010606 AT envy DOT delorie DOT com> Date: Thu, 5 Feb 2015 21:27:45 -0500 Message-ID: Subject: Re: [geda-user] Using Lua to safely read configuration and layout files (program attached) From: Jason White To: geda-user AT delorie DOT com Content-Type: text/plain; charset=UTF-8 Reply-To: geda-user AT delorie DOT com Errors-To: nobody AT delorie DOT com X-Mailing-List: geda-user AT delorie DOT com X-Unsubscribes-To: listserv AT delorie DOT com Precedence: bulk On Thu, Feb 5, 2015 at 9:00 PM, DJ Delorie wrote: > > This isn't a technical problem, it's a policy problem. "Executable > data" is a justified trigger for paranoia, and we should avoid it. DJ, The files are just data, their is nothing executable about them. This is simply using a parser to store numbers and strings on a stack, this no different that what geda already does except it uses a preexisting library to accomplish it. The parser is incapable of affecting the system, all it can do it push numbers and strings onto its stack. -- Jason White