Comments on: Nightly WebKit builds http://willnorris.com/2005/10/nightly-webkit-builds managing identity Fri, 21 Nov 2008 22:01:02 +0000 hourly 1 By: Will http://willnorris.com/2005/10/nightly-webkit-builds#comment-28 Will Sun, 13 Nov 2005 22:40:46 +0000 http://willnorris.com/?p=73#comment-28 <p>@AlthA: Perhaps you missed the last paragraph of my last comment where I mentioned NightShift. After downloading it and looking at it, the main additional thing it seems to support is backing up the last copy of WebKit. That could be added to this script with one additional line, but I didn't see it as a huge thing. I find it a little silly when people write full Cocoa apps to do something that can just as easily be done with a 7 line bash script. I guess I'm just more comfortable at a command line -- to each their own.</p> @AlthA: Perhaps you missed the last paragraph of my last comment where I mentioned NightShift. After downloading it and looking at it, the main additional thing it seems to support is backing up the last copy of WebKit. That could be added to this script with one additional line, but I didn’t see it as a huge thing. I find it a little silly when people write full Cocoa apps to do something that can just as easily be done with a 7 line bash script. I guess I’m just more comfortable at a command line — to each their own.

]]> By: AlthA http://willnorris.com/2005/10/nightly-webkit-builds#comment-27 AlthA Sat, 12 Nov 2005 14:34:11 +0000 http://willnorris.com/?p=73#comment-27 <p>You should look into NightShift: http://homepage.mac.com/reinholdpenner/ this does what you want and more :)</p> You should look into NightShift: http://homepage.mac.com/reinholdpenner/ this does what you want and more :)

]]> By: Will http://willnorris.com/2005/10/nightly-webkit-builds#comment-24 Will Wed, 19 Oct 2005 15:31:15 +0000 http://willnorris.com/?p=73#comment-24 <blockquote>This script is insecure because it not only runs with root privileges</blockquote> <p>Well, the script itself can be run as any user. It would only run as root if you use /etc/daily to have it run automtically (which I suggested only because it's the easiest). There are of course numerous other ways you could run the script as a non root user, such as from a user's cron job or a launchd script (which would probably be the best way really).</p> <blockquote>Someone could put a nasty link at “/tmp/webkit.dmg� which could result in you unwittingly overwriting or modifying an important file elsewhere on the filesystem.</blockquote> <p>Actually, it would only replace the link itself. I just experimented with both a soft link and hard link, and in both cases the link was replaced while the original file elsewhere on the file system was untouched. I'd be interested in hearing instructions for replicating the kind of behavior you described (though I'm pretty sure it's not possible).</p> <p>Is it insecure? arguably, but I don't think so. Is it the best way to go about it? Perhaps not. There's <a href="http://webkit.opendarwin.org/blog/?p=29#comment-230" rel="nofollow">a comment</a> on the original article about a product called NightShift that seems to do basically the same thing (though I've not looked at it, and can't really speak as to how good it is).</p>

Will wrote:

This script is insecure because it not only runs with root privileges

Well, the script itself can be run as any user. It would only run as root if you use /etc/daily to have it run automtically (which I suggested only because it’s the easiest). There are of course numerous other ways you could run the script as a non root user, such as from a user’s cron job or a launchd script (which would probably be the best way really).

Will wrote:

Someone could put a nasty link at “/tmp/webkit.dmg� which could result in you unwittingly overwriting or modifying an important file elsewhere on the filesystem.

Actually, it would only replace the link itself. I just experimented with both a soft link and hard link, and in both cases the link was replaced while the original file elsewhere on the file system was untouched. I’d be interested in hearing instructions for replicating the kind of behavior you described (though I’m pretty sure it’s not possible).

Is it insecure? arguably, but I don’t think so. Is it the best way to go about it? Perhaps not. There’s a comment on the original article about a product called NightShift that seems to do basically the same thing (though I’ve not looked at it, and can’t really speak as to how good it is).

]]> By: Tyler Durden http://willnorris.com/2005/10/nightly-webkit-builds#comment-23 Tyler Durden Wed, 19 Oct 2005 06:37:48 +0000 http://willnorris.com/?p=73#comment-23 <p>This script is insecure because it not only runs with root privileges but also writes to a predictable filename in a world-writeable directory. Someone could put a nasty link at "/tmp/webkit.dmg" which could result in you unwittingly overwriting or modifying an important file elsewhere on the filesystem. Even if you are the only person who uses your machine, you should probably get out of the habit of writing insecure shell scripts.</p> This script is insecure because it not only runs with root privileges but also writes to a predictable filename in a world-writeable directory. Someone could put a nasty link at “/tmp/webkit.dmg” which could result in you unwittingly overwriting or modifying an important file elsewhere on the filesystem. Even if you are the only person who uses your machine, you should probably get out of the habit of writing insecure shell scripts.

]]>