[PATCH 6 of 6 V3] util.system: rename to rawsystem in favor of ui.system()

Yuya Nishihara yuya at tcha.org
Fri Nov 14 07:04:43 CST 2014


On Thu, 13 Nov 2014 23:09:18 +0000, Pierre-Yves David wrote:
> On 11/13/2014 07:34 PM, Matt Mackall wrote:
> > On Thu, 2014-11-13 at 22:43 +0900, Yuya Nishihara wrote:
> >> On Wed, 12 Nov 2014 16:43:02 -0600, Matt Mackall wrote:
> >>> On Wed, 2014-11-12 at 23:38 +0900, Yuya Nishihara wrote:
> >>>> # HG changeset patch
> >>>> # User Yuya Nishihara <yuya at tcha.org>
> >>>> # Date 1415799589 -32400
> >>>> #      Wed Nov 12 22:39:49 2014 +0900
> >>>> # Node ID 18c87a673070fbce78849c3beced2b9d14835abe
> >>>> # Parent  b6944cd4197b1bb1d1fd9e2d6f94453d297c3f03
> >>>> util.system: rename to rawsystem in favor of ui.system()
> >>>>
> >>>> This forces third-party extensions to migrate to ui.system(). util.rawsystem()
> >>>> is unsafe in command server.
> >>>
> >>> Wouldn't it be better for the commandserver to modify sys.stdout?
> >>
> >> We did introduce ui.fin and fout in order to avoid the monkeypatching.
> >
> > Yep, but it doesn't seem to me that strategy has been the most
> > successful... because lots of things below the ui layer (including
> > Python libs) might decide to bypass it.
> 
> In my vague memory, various python stuff tend to bypass sys.stdout too. 
> However:
> - It is a vague memory
> - It is still less stuff than the ones who bypass ui.

stdc functions such as system() won't use sys.stdout.

IMHO, if we really want to protect command-server channels from bad extensions
or in-process hooks, we should redirect STDOUT to /dev/null.

  nullfd = os.open(os.devnull)
  foutfd = os.dup(1)
  os.dup2(nullfd, 1)
  os.close(nullfd)
  fout = os.fdopen(foutfd)  # only commandserver can use it directly

Regards,


More information about the Mercurial-devel mailing list