From: Stefan Sperling Subject: Re: editor in got.conf To: Tracey Emery Cc: gameoftrees@openbsd.org Date: Sun, 13 Sep 2020 08:20:11 +0200 On Fri, Sep 11, 2020 at 04:38:36PM -0600, Tracey Emery wrote: > On Fri, Sep 11, 2020 at 08:39:54PM +0200, Stefan Sperling wrote: > > I had started writing a patch to allow configuring an editor via > > got.conf. But then I realized that this does not seem safe. > > > > The editor is an arbitrary command and neither pledge nor unveil can > > impose any restrictions on it. If a repository is shared between users > > then arbitrary command execution as one of the other users would be > > possible by configuring a malicous editor command in the repository's > > got.conf file. > > > > So instead of implementing this feature I would like to document > > why it is being rejected. > > > > Am I being too paranoid? > > > > No, and it's a weird "feature" anyway. I can't imagine wanting to use > one editor on a repo and a different editor on another. > > Do people actually do that? If the answer is yes, then the explanation > below would be needed. If the answer is no, I don't see a need, but > that's just me. Git has a config knob for this of course (core.editor). So I figure someone will want to set their editor via got.conf at some point. Not everyone is prudent about setting up environment variables. I received a confused bug report where a user fell into /bin/ed because they hadn't set up their environment. They didn't recognize ed as such, and concluded that 'got import' had frozen up. In our conversation the question arose whether users really need to tweak their shell profile to avoid this behaviour. By now I believe the answer is "yes" (and using ed as default editor is pretty effective at catching people who haven't set up their environment). Also consider that some people use multiple editors and will be looking for a per-application config knob they could use.