[PATCH 6 of 6 V3] util.system: rename to rawsystem in favor of ui.system()
Matt Mackall
mpm at selenic.com
Fri Nov 14 10:06:16 CST 2014
On Fri, 2014-11-14 at 22:04 +0900, Yuya Nishihara wrote:
> On Thu, 13 Nov 2014 23:09:18 +0000, Pierre-Yves David wrote:
> > On 11/13/2014 07:34 PM, Matt Mackall wrote:
> > > On Thu, 2014-11-13 at 22:43 +0900, Yuya Nishihara wrote:
> > >> On Wed, 12 Nov 2014 16:43:02 -0600, Matt Mackall wrote:
> > >>> On Wed, 2014-11-12 at 23:38 +0900, Yuya Nishihara wrote:
> > >>>> # HG changeset patch
> > >>>> # User Yuya Nishihara <yuya at tcha.org>
> > >>>> # Date 1415799589 -32400
> > >>>> # Wed Nov 12 22:39:49 2014 +0900
> > >>>> # Node ID 18c87a673070fbce78849c3beced2b9d14835abe
> > >>>> # Parent b6944cd4197b1bb1d1fd9e2d6f94453d297c3f03
> > >>>> util.system: rename to rawsystem in favor of ui.system()
> > >>>>
> > >>>> This forces third-party extensions to migrate to ui.system(). util.rawsystem()
> > >>>> is unsafe in command server.
> > >>>
> > >>> Wouldn't it be better for the commandserver to modify sys.stdout?
> > >>
> > >> We did introduce ui.fin and fout in order to avoid the monkeypatching.
> > >
> > > Yep, but it doesn't seem to me that strategy has been the most
> > > successful... because lots of things below the ui layer (including
> > > Python libs) might decide to bypass it.
> >
> > In my vague memory, various python stuff tend to bypass sys.stdout too.
> > However:
> > - It is a vague memory
> > - It is still less stuff than the ones who bypass ui.
>
> stdc functions such as system() won't use sys.stdout.
>
> IMHO, if we really want to protect command-server channels from bad extensions
> or in-process hooks, we should redirect STDOUT to /dev/null.
>
> nullfd = os.open(os.devnull)
> foutfd = os.dup(1)
> os.dup2(nullfd, 1)
> os.close(nullfd)
> fout = os.fdopen(foutfd) # only commandserver can use it directly
+1.
--
Mathematics is the supreme nostalgia of our time.
More information about the Mercurial-devel
mailing list