etiquette of sharing executable files

classic Classic list List threaded Threaded
12 messages Options
Reply | Threaded
Open this post in threaded view
|

etiquette of sharing executable files

mick crane
As per recent post ( don't want to trash somebody's home directory ) I
was wondering what is the etiquette of sharing executable files.
I've never really thought about giving executable files to anybody but
just recently while I'm getting my bits of code to work I was thinking
"I have to be a bit careful what I put here because I might delete
something I'd be unhappy about.
And then hmmm, if I did give this to somebody else if they didn't know
what did what they might trash they're home directory.
I decided to follow the advice and not delete anything and I don't need
to need to renumber now.
And I decided to go through everything and put in error checking as much
as able.
So the question is about the etiquette.
Install scripts could make directories willy nilly in user home
directory but you might think that could be rude ?
And what happens if by mischance there already exists a directory with
the same name ?
I think the way would be to make a tar file with the wanted
subdirectories and the executable that doesn't touch anything except the
directories in the directory it is untarred within.
seems with
use File::Basename;
use Cwd ;
you can check if the basename is equal to the directory it's supposed to
be in and die if not.
Now I just need to make the executable not writeable and have the
several variables in a text file that I get in some fashion.
Do those things seem like sensible considerations for exchanging
executables ?

mick

--
Key ID    4BFEBB31

Reply | Threaded
Open this post in threaded view
|

Re: etiquette of sharing executable files

Richard Hector
On 7/07/19 7:34 AM, mick crane wrote:
> As per recent post ( don't want to trash somebody's home directory ) I
> was wondering what is the etiquette of sharing executable files.
> I've never really thought about giving executable files to anybody but
> just recently while I'm getting my bits of code to work I was thinking
> "I have to be a bit careful what I put here because I might delete
> something I'd be unhappy about.
> And then hmmm, if I did give this to somebody else if they didn't know
> what did what they might trash they're home directory.

Yes, you should be careful about what your scripts do. And it doesn't
only apply to executables.

I was asked for my ssh keys to give me access to a server. I obviously
wasn't thinking clearly enough, and created a tar file with my
authorized_keys in it. They extracted it directly into .ssh ... and
overwrote all their existing keys.

Mistakes on both parts :-(

Richard



signature.asc (849 bytes) Download Attachment
Reply | Threaded
Open this post in threaded view
|

Re: etiquette of sharing executable files

Richard Owlett-3
In reply to this post by mick crane
On 07/06/2019 02:34 PM, mick crane wrote:
> As per recent post ( don't want to trash somebody's home directory ) I
> was wondering what is the etiquette of sharing executable files. ...

A starting point would be becoming familiar with "Filesystem Hierarchy
Structure"(FHS).

https://www.tldp.org/LDP/Linux-Filesystem-Hierarchy/html/
https://wiki.debian.org/FilesystemHierarchyStandard

Reply | Threaded
Open this post in threaded view
|

Re: etiquette of sharing executable files

john doe-6
In reply to this post by mick crane
On 7/6/2019 9:34 PM, mick crane wrote:

> As per recent post ( don't want to trash somebody's home directory ) I
> was wondering what is the etiquette of sharing executable files.
> I've never really thought about giving executable files to anybody but
> just recently while I'm getting my bits of code to work I was thinking
> "I have to be a bit careful what I put here because I might delete
> something I'd be unhappy about.
> And then hmmm, if I did give this to somebody else if they didn't know
> what did what they might trash they're home directory.
> I decided to follow the advice and not delete anything and I don't need
> to need to renumber now.
> And I decided to go through everything and put in error checking as much
> as able.
> So the question is about the etiquette.
> Install scripts could make directories willy nilly in user home
> directory but you might think that could be rude ?

Then test if the script is run as root and restrict where the script can
work in (/tmp/...)

> And what happens if by mischance there already exists a directory with
> the same name ?

Use as part of your directory name a random string:

- Define a variable that holds the directory name with that random string
- Die if that directory already exist or generate a new name

The name of the directory could have the form:

directory.random-string

https://metacpan.org/pod/String::Random

> I think the way would be to make a tar file with the wanted
> subdirectories and the executable that doesn't touch anything except the
> directories in the directory it is untarred within.
> seems with
> use File::Basename;
> use Cwd ;
> you can check if the basename is equal to the directory it's supposed to
> be in and die if not.
> Now I just need to make the executable not writeable and have the
> several variables in a text file that I get in some fashion.
> Do those things seem like sensible considerations for exchanging
> executables ?

Why not requiring the argument as script parameter instead of using a
var file.:

$ ./xxx.pl arg1 arg2 arg3 ...


You can never assume that your script will be used the way it should be
so you need to make it as secure as possible and document the script
usage with a README file for example (step 1, step 2 ...).

Be verbose as possible in your script by progress messages, error handler.

That is every questions that you ask here should be addressed in your
script! :)

--
John Doe

Reply | Threaded
Open this post in threaded view
|

Re: etiquette of sharing executable files

Nicolas George-4
john doe (12019-07-07):
> You can never assume that your script will be used the way it should be
> so you need to make it as secure as possible and document the script
> usage with a README file for example (step 1, step 2 ...).

Dissenting opinion:

Unless there is a deliberate attempt at misdirection, the responsibility
of how a program is used does not fall on the author but on the users.
This is especially true for Libre software.

Make sure your program behave in a sane way, make sure you follow all
guidelines for good programming, including security and reliability
considerations. But that is all.

DO NOT TRY TO SECOND-GUESS THE USER.

There are few things I find more annoying than programs that refuse to
what I tell them to do allegedly for my own protection. I am smarter
than any program, and that will stay true in the foreseeable future. I
think the same applies to most people here.

Regards,

--
  Nicolas George

signature.asc (849 bytes) Download Attachment
Reply | Threaded
Open this post in threaded view
|

Re: etiquette of sharing executable files

andreimpopescu
In reply to this post by john doe-6
On Du, 07 iul 19, 11:58:21, john doe wrote:

>
> Use as part of your directory name a random string:
>
> - Define a variable that holds the directory name with that random string
> - Die if that directory already exist or generate a new name
>
> The name of the directory could have the form:
>
> directory.random-string
>
> https://metacpan.org/pod/String::Random
As far as I know Perl has dedicated modules for creating temporary files
(and directories) in a safe and secure way.

This usually involves including some random string in the name.

Kind regards,
Andrei
--
http://wiki.debian.org/FAQsFromDebianUser

signature.asc (849 bytes) Download Attachment
Reply | Threaded
Open this post in threaded view
|

Re: etiquette of sharing executable files

tomas@tuxteam.de
In reply to this post by john doe-6
On Sun, Jul 07, 2019 at 11:58:21AM +0200, john doe wrote:

> On 7/6/2019 9:34 PM, mick crane wrote:
> > As per recent post ( don't want to trash somebody's home directory ) I
> > was wondering what is the etiquette of sharing executable files.
> > I've never really thought about giving executable files to anybody but
> > just recently while I'm getting my bits of code to work I was thinking
> > "I have to be a bit careful what I put here because I might delete
> > something I'd be unhappy about.
> > And then hmmm, if I did give this to somebody else if they didn't know
> > what did what they might trash they're home directory.
> > I decided to follow the advice and not delete anything and I don't need
> > to need to renumber now.
> > And I decided to go through everything and put in error checking as much
> > as able.
> > So the question is about the etiquette.
> > Install scripts could make directories willy nilly in user home
> > directory but you might think that could be rude ?
>
> Then test if the script is run as root and restrict where the script can
> work in (/tmp/...)
>
> > And what happens if by mischance there already exists a directory with
> > the same name ?
>
> Use as part of your directory name a random string:
Please. Don't reinvent that wheel. Use mktemp and family. Available
as (C) library function, shell command and Perl module (use File::Temp
for that). I'm sure other languages with enough roots in an Unix-like
operating system will have some variation on that.

It's not exactly trivial to roll that on your own and avoid collisions
and/or race conditions.

Cheers
-- tomás

signature.asc (205 bytes) Download Attachment
Reply | Threaded
Open this post in threaded view
|

Re: etiquette of sharing executable files

tomas@tuxteam.de
In reply to this post by Nicolas George-4
On Sun, Jul 07, 2019 at 12:06:36PM +0200, Nicolas George wrote:

[...]

> DO NOT TRY TO SECOND-GUESS THE USER.

+100

-- t

signature.asc (205 bytes) Download Attachment
Reply | Threaded
Open this post in threaded view
|

Re: etiquette of sharing executable files

andreimpopescu
In reply to this post by mick crane
On Sb, 06 iul 19, 20:34:35, mick crane wrote:
> As per recent post ( don't want to trash somebody's home directory ) I was
> wondering what is the etiquette of sharing executable files.

In my opinion one can't possibly anticipate all the ways a software can
be (mis)used, users are ultimately responsible for their own systems.

An appropriate disclaimer (according to method of distribution) should
be enough.

In case you put it up somewhere public or there is the slightest chance
it will live longer than one-time use it would be nice to potential
(future) users to also specify a licence for it[1].

E.g. in case of a script I published on Salsa I just added the Expat
license in the body of the script, which covers both of the above.

[1] my personal recommendation: MIT/Expat for small stuff, GPL 2/3/+ for
bigger stuff. The licences should probably not be longer than the code
itself ;)

Kind regards,
Andrei
--
http://wiki.debian.org/FAQsFromDebianUser

signature.asc (849 bytes) Download Attachment
Reply | Threaded
Open this post in threaded view
|

Re: etiquette of sharing executable files

David Christensen
In reply to this post by mick crane
On 7/6/19 12:34 PM, mick crane wrote:

> As per recent post ( don't want to trash somebody's home directory ) I
> was wondering what is the etiquette of sharing executable files.
> I've never really thought about giving executable files to anybody but
> just recently while I'm getting my bits of code to work I was thinking
> "I have to be a bit careful what I put here because I might delete
> something I'd be unhappy about.
> And then hmmm, if I did give this to somebody else if they didn't know
> what did what they might trash they're home directory.
> I decided to follow the advice and not delete anything and I don't need
> to need to renumber now.
> And I decided to go through everything and put in error checking as much
> as able.
> So the question is about the etiquette.
> Install scripts could make directories willy nilly in user home
> directory but you might think that could be rude ?
> And what happens if by mischance there already exists a directory with
> the same name ?
> I think the way would be to make a tar file with the wanted
> subdirectories and the executable that doesn't touch anything except the
> directories in the directory it is untarred within.
> seems with
> use File::Basename;
> use Cwd ;
> you can check if the basename is equal to the directory it's supposed to
> be in and die if not.
> Now I just need to make the executable not writeable and have the
> several variables in a text file that I get in some fashion.
> Do those things seem like sensible considerations for exchanging
> executables ?

I suggest that you create a Perl distribution using h2xs(1):

https://www.oreilly.com/library/view/programming-perl-4th/9781449321451/ch19s05.html


The end result of this process is a *.tar.gz file, which you can give to
people and they can use as follows:

     # extract distribution tarball
     # change working directory into distribution tree root
     $ perl Makefile.PL
     $ make
     $ make test
     $ make install


Once installed, your Perl modules and/or scripts are available to the user.


Optionally, you can upload your Perl distribution to CPAN.  This will
make the distribution available to anyone with an Internet connection:

https://en.wikipedia.org/wiki/Comprehensive_Perl_Archive_Network


Also optionally, you can put your Perl distribution into a Debian
package (I am not familiar with how to submit Debian packages to the
Debian project for inclusion in Debian):

https://metacpan.org/pod/distribution/DhMakePerl/dh-make-perl


David

Reply | Threaded
Open this post in threaded view
|

Re: etiquette of sharing executable files

Greg Wooledge
In reply to this post by Nicolas George-4
On Sun, Jul 07, 2019 at 12:06:36PM +0200, Nicolas George wrote:
> DO NOT TRY TO SECOND-GUESS THE USER.

While I absolutely agree with that, I would also add:

DO SENSIBLE THINGS BY DEFAULT.

That is, if the user doesn't tell you what to do, try to do the most
common, or the safest, thing.  But if the user explictly tells you to
do something, you do it.

Nuking a pre-existing directory's files, for example, is not a sensible
thing to do by default.  BUT, if the user uses the --wipe-files option
with the --directory /home/me option, then by all means, nuke those files.

Reply | Threaded
Open this post in threaded view
|

Re: etiquette of sharing executable files

Dan Purgert
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Greg Wooledge wrote:

> On Sun, Jul 07, 2019 at 12:06:36PM +0200, Nicolas George wrote:
>> DO NOT TRY TO SECOND-GUESS THE USER.
>
> While I absolutely agree with that, I would also add:
>
> DO SENSIBLE THINGS BY DEFAULT.
>
> That is, if the user doesn't tell you what to do, try to do the most
> common, or the safest, thing.  But if the user explictly tells you to
> do something, you do it.
>
> Nuking a pre-existing directory's files, for example, is not a sensible
> thing to do by default.  BUT, if the user uses the --wipe-files option
> with the --directory /home/me option, then by all means, nuke those files.

The one time I scripted rm, i tested it with a mv to /tmp first.  saved
my bacon.

and i learned an important lesson about quoting substitutions.


-----BEGIN PGP SIGNATURE-----

iQEzBAEBCAAdFiEEBcqaUD8uEzVNxUrujhHd8xJ5ooEFAl0jy+EACgkQjhHd8xJ5
ooF7AQf+N0e66GKISjAmHZ0ay8jBGhM2sJKtOZlZsXibdLY7nbcCE8NpRPXffCxn
kVDoHL8R804Sq9HYuyYy6UmncjmTHySqx8COzGeJJ7mkL/2Hhc2QoyD7dniXRlGh
QK/8e+VjKyCLoVZ2n8iZMEsqyXdp8JVClogNRYRv7viqSVrfBi74DNFqLORbXfZ3
nA8aO6k5uHN0xw9beEMTZOQ6ZxILh6fXox/ti2WdGXu/bxWq6Ld8KYBTXiNAyPrt
nu1gSHTWcOu9pbVdM5rrcqBg8TpnTWoJh1bZCp+cvB6Y87KYliniOTmEgbdI7FqV
M5GxwkE/ZeDGw+97cnQh0SWIl3xTng==
=/D6j
-----END PGP SIGNATURE-----

--
|_|O|_|
|_|_|O| Github: https://github.com/dpurgert
|O|O|O| PGP: 05CA 9A50 3F2E 1335 4DC5  4AEE 8E11 DDF3 1279 A281