http://bugs.koha-community.org/bugzilla3/show_bug.cgi?id=7804 --- Comment #25 from Kyle M Hall <kyle.m.hall@gmail.com> ---
As for why I think this is necessary, consider a plugin which is nothing but a one-line forkbomb. Having an executable file doesn't even require someone to follow an API. They can simply download one of the gazillion of examples of how to take down your server with one line (just, what, 9 characters if you're using bash?), zip it up with your example ini file, and bring down the server. Or a plugin which actually just contains a command line script for reinitializing your Koha database for testing. Accidentally zip that up with your plugin, have someone connect to it (and there's no need for authentication to access a plugin, notice!), and your production server is pristine. Like the cheese shop, it is very clean.
I understand your examples, but I feel like this is more of a buyer beware issue. If you are uploading random plugins to your system without vetting them first, then of course you will have problems, Module::Load::Conditional or not! The design is meant to have plugins deal with their own authentication. My examples do indeed use C4::Auth::checkauth for authentication. After examining the issues involved, I just feel that this requirement is very very onerous, and would require huge amounts of time to understand and implement. If you could please show me how Module::Load::Conditional would prevent any of your scenarios from taking place, I may reconsider my position. However, as it stands, even with said implementation, I could easily write a plugin to perform any of the damaging tasks you have mentioned. What I would like to see is a plugin repository that contains only plugins that have been uploaded to bugs.koha-community.com so that they may be vetted and qa'ed just like any other modification to Koha. If a library wishes to use plugins from elsewhere, it is up to themselves to vet those plugins before use, or to trust the source itself. I understand that time is a limited resource for everyone ( including myself ), but if you feel strongly enough about this issue, I would welcome a followup patch to add this. -- You are receiving this mail because: You are watching all bug changes.