Open Zhann opened 10 years ago
mimor
commented
10 years ago Perhaps list a few commonly (safe) used ones, give a warning a-la 'Are you sure you want to do this?' We could work with a 'whitelist' that you can populate with what you consider as safe.
Zhann
commented
10 years ago Thing is that I don't know what's the best way forward. Blacklists are a bad idea since you have to treat every unknown command as dangerous. Whitelists, like you mention, not so. But the logic will be fairly complex if you need to whitelist stuff like $ [ "$(ls -A /foo/)" ] || (cat /bar/file | grep 'stuff') and make sure not to whitelust stuff like :(){ :|:& };: # fork bomb.
What I have in mind at the moment is that you could use subcommands, something like:
bunka grep 'foo /path/to/bar'
bunka file-exists '/foo/bar'
bunka dir-exists '/foo/bar/'
And that you can still use regular stuff with:
bunka exec 'touch /foo/bar' 'name:web*
And that this exec subcommand would prompt you with something like:
This will run `touch /foo/bar` on the following servers:
web1
web2
web3
Are you sure you want to do this? [y/N]If anyone's got any better ideas, feel free to share. But at the moment I think this would be the easiest way forward without adding too much complexity,
jeroenj
commented
10 years ago I'd say that @Zhann's approach will be the safest. It will involve more work, but to me it seems the right way to go.
We should think about making subcommands for commonly used patterns (e.g. grep, test, ...). The way it works now, bunka is too dangerous/destructive. One
bunka -t 'rm -fr /'and you can close business.