[thelist] automatic code updates with PHP

Steve Lewis slewis at macrovista.net
Tue Nov 12 18:55:31 CST 2002


Peter VanDijck wrote:
> The whole idea is that the user doesn't have to *bother* with little
> upgrades and bug fixes all the time. I would love my Moveabletype
> installation to just upgrade itself with all these little upgrades - I
> don't have time for it. Make sense?
It makes a lot of sense, but as I said I am having difficulty wrapping my
head around this idea that you don't trust them to upgrade, and they
don't trust you to let you upgrade them.  Even Microsoft lets me choose
when I upgrade my OS or browser etc (in Win 2k).  Somebody has to
compromise (they trust you to write non-malicious code to their DB or
their filesystem--it doesn't matter which, if you can write malicious
code to their filesystem you can eval() the same malicious code--or you
trust them to upgrade).

While your idea seems appealing, I think you may underestimate the trust
and responsibility associated with this system.

Mike Migurski wrote:
> Or have them give you a crippled shell account that only accesses the
> code, and not the data.
And if they can do a 'crippled' shell acct, they can modify the
/etc/sudoers file and have very auditable rights assigned to you.  This
won't work on a shared host however.  In a shared host environment it
should be possible to add a sticky bit however...

> Either way, if you want to be able to update code on your client's
> machine, then your client will need to give you *some* access to their
> servers, whether that comes in the form of a user account or simply the
> trust that needs to be there when they type 'cvs up' and assume that you
> haven't added something malicious to the code.
Exactly.  I think you need to establish that trust.  If the user does
not explicitly initiate/approve the update, then there is an implied
trust.  If that implied trust is accepted by the client/user then you
should get something codified in the member agreement.

It should not be difficult for you to patch in a link into the backend
of your moveabletype app that checks for updates, and gives them simple
instructions to 'cvs up' to the latest version, or write a script that
will use sticky bits or something to deploy it for them.

As I said before, if you really want to eval() a website, do it.  Just
be sure to let us know what happens.  I think you may be willing to go
where few folks have gone before, and the results should be something we
can learn from. :)

--Steve
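The "check for updates and hand the admin instructions" approach from the message above, as an added example that is not part of the original thread and not code from Movable Type or any of the posters. It assumes a vendor-signed JSON manifest (a format invented for this illustration) listing the release version, per-file SHA-256 hashes and the upgrade instructions; the key pair is generated inline only so the example runs offline, whereas a real deployment would ship the vendor's public key with the application and keep the secret key in the vendor's release process. Nothing fetched is ever eval()'d: the checker only reports, and a downloaded file is accepted only if it matches the hash pinned in the verified manifest.

```php
<?php
// Added example (not from the thread): an update checker for a PHP app that
// reports an available release and lets the administrator decide, instead of
// fetching and eval()ing remote code. The manifest format, the key handling and
// the version numbers are constructed for this illustration.
declare(strict_types=1);

// Verify the vendor's detached Ed25519 signature over the raw manifest bytes
// before parsing anything from it. A manifest that does not verify is treated
// as if no update exists.
function load_signed_manifest(string $manifestJson, string $signature, string $vendorPublicKey): ?array
{
    if (!sodium_crypto_sign_verify_detached($signature, $manifestJson, $vendorPublicKey)) {
        return null; // bad or forged signature: refuse to trust the contents
    }
    $manifest = json_decode($manifestJson, true, 8, JSON_THROW_ON_ERROR);
    foreach (['version', 'files', 'instructions'] as $key) {
        if (!isset($manifest[$key])) {
            return null; // malformed manifest
        }
    }
    return $manifest;
}

// Compare the installed version with the signed manifest and describe what the
// administrator should do. No remote code is executed here.
function check_for_update(string $installedVersion, ?array $manifest): array
{
    if ($manifest === null) {
        return ['status' => 'rejected', 'reason' => 'manifest signature or format invalid'];
    }
    if (version_compare($installedVersion, $manifest['version'], '>=')) {
        return ['status' => 'up-to-date', 'version' => $installedVersion];
    }
    return [
        'status'       => 'update-available',
        'version'      => $manifest['version'],
        'files'        => $manifest['files'],        // path => expected sha256 hex
        'instructions' => $manifest['instructions'],
    ];
}

// After the administrator has fetched a release file themselves, confirm it
// matches the hash pinned in the signed manifest before it replaces anything.
function file_matches_manifest(string $contents, string $expectedSha256): bool
{
    return hash_equals($expectedSha256, hash('sha256', $contents));
}

// --- constructed demonstration data: the key pair is generated on the spot
// so the script runs offline; a real vendor would ship only the public key ---
$keypair         = sodium_crypto_sign_keypair();
$vendorPublicKey = sodium_crypto_sign_publickey($keypair);
$vendorSecretKey = sodium_crypto_sign_secretkey($keypair);

$pluginSource = "<?php\n// lib/plugin.php, release 2.6.4 (constructed)\n";
$manifestJson = json_encode([
    'version'      => '2.6.4',
    'files'        => ['lib/plugin.php' => hash('sha256', $pluginSource)],
    'instructions' => 'Run `cvs up -r REL_2_6_4` in the install directory, or replace the listed files by hand.',
], JSON_THROW_ON_ERROR);
$signature = sodium_crypto_sign_detached($manifestJson, $vendorSecretKey);

// Normal case: the signature verifies and a newer version is reported, with
// the admin's instructions and the hashes to check downloaded files against.
$result = check_for_update('2.6.3', load_signed_manifest($manifestJson, $signature, $vendorPublicKey));
echo $result['status'], ' ', $result['version'] ?? '', PHP_EOL;
echo $result['instructions'] ?? '', PHP_EOL;
var_dump(file_matches_manifest($pluginSource, $result['files']['lib/plugin.php']));

// Tampered case: the manifest was altered in transit, so the signature no
// longer matches and the whole manifest (file list and instructions included)
// is rejected before anything in it is parsed or shown to the admin.
$tampered = str_replace('2.6.4', '2.6.5', $manifestJson);
$result = check_for_update('2.6.3', load_signed_manifest($tampered, $signature, $vendorPublicKey));
echo $result['status'], ': ', $result['reason'], PHP_EOL;
```

The design choice worth noting is that the signature is checked over the raw bytes before json_decode() runs, so a tampered manifest never gets a chance to influence the version comparison, the file list or the instructions shown to the administrator; the administrator still performs the actual upgrade, which is the explicit approval step the message argues for.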