[Koha-bugs] [Bug 7804] Add Koha Plugin System

Mon May 21 23:12:18 CEST 2012

http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=7804

--- Comment #25 from Kyle M Hall <kyle.m.hall at gmail.com> ---
> As for why I think this is necessary, consider a plugin which is nothing but
> a one-line forkbomb. Having an executable file doesn't even require someone
> to follow an API. They can simply download one of the gazillion of examples
> of how to take down your server with one line (just, what, 9 characters if
> you're using bash?), zip it up with your example ini file, and bring down
> the server. Or a plugin which actually just contains a command line script
> for reinitializing your Koha database for testing. Accidentally zip that up
> with your plugin, have someone connect to it (and there's no need for
> authentication to access a plugin, notice!), and your production server is
> pristine. Like the cheese shop, it is very clean.

I understand your examples, but I feel like this is more of a buyer beware
issue. If you are uploading random plugins to your system without vetting them
first, then of course you will have problems, Module::Load::Conditional or not!

The design is meant to have plugins deal with their own authentication. My
examples do indeed use C4::Auth::checkauth for authentication.

After examining the issues involved, I just feel that this requirement is very
very onerous, and would require huge amounts of time to understand and
implement.

If you could please show me how Module::Load::Conditional would prevent any of
your scenarios from taking place, I may reconsider my position. However, as it
stands, even with said implementation, I could easily write a plugin to perform
any of the damaging tasks you have mentioned.

What I would like to see is a plugin repository that contains only plugins that
have been uploaded to bugs.koha-community.com so that they may be vetted and
qa'ed just like any other modification to Koha. If a library wishes to use 
plugins from elsewhere, it is up to themselves to vet those plugins before use,
or to trust the source itself.

I understand that time is a limited resource for everyone ( including myself ),
but if you feel strongly enough about this issue, I would welcome a followup
patch to add this.

-- 
You are receiving this mail because:
You are watching all bug changes.