IRC logs of #tryton for Saturday, 2014-09-06

chat.freenode.net #tryton log beginning Sat Sep 6 00:00:01 CEST 2014
-!- cedk(~ced@gentoo/developer/cedk) has joined #tryton00:30
-!- alisonken1home(~alisonken@pool-71-104-227-211.lsanca.dsl-w.verizon.net) has joined #tryton02:58
-!- digitalsatori(~Thunderbi@116.234.181.110) has joined #tryton04:03
-!- frispete(~frispete@p54A91320.dip0.t-ipconnect.de) has joined #tryton06:40
-!- yangoon1(~mathiasb@p549F2F3E.dip0.t-ipconnect.de) has joined #tryton07:02
-!- pobsteta(~Thunderbi@4cb54-3-88-160-87-54.fbx.proxad.net) has joined #tryton08:03
-!- vernichon(~Thunderbi@gex01-1-78-234-55-95.fbx.proxad.net) has joined #tryton09:10
-!- cedk(~ced@gentoo/developer/cedk) has joined #tryton09:14
-!- pobsteta(~Thunderbi@4cb54-3-88-160-87-54.fbx.proxad.net) has joined #tryton09:36
-!- pobsteta(~Thunderbi@4cb54-3-88-160-87-54.fbx.proxad.net) has joined #tryton09:43
-!- vernichon(~Thunderbi@gex01-1-78-234-55-95.fbx.proxad.net) has joined #tryton09:55
-!- rpit(~ralf@dslb-088-071-239-252.088.071.pools.vodafone-ip.de) has joined #tryton11:08
-!- digitalsatori(~Thunderbi@116.234.181.110) has joined #tryton11:10
-!- duesenfranz(~jona@chello213047255061.tirol.surfer.at) has joined #tryton12:39
duesenfranzwhat is the purpose of tools/misc:safe_eval?12:40
duesenfranzhttps://github.com/tryton/trytond/blob/feeea16ec199441e558511cf74f9353260f8ae55/trytond/tools/misc.py#L37112:40
duesenfranzaltough i can search for uses, I don't really get where the code that gets run comes from12:40
duesenfranz(altough propably from the database / reports, as far as I could see)12:41
duesenfranzcedk: because I think writing a safe_eval function is probably not possible, and also this function isn't really safe12:43
cedkduesenfranz: it is as safe as possible, if you find an issue please report14:05
cedkduesenfranz: also it uses as few as possible and only on data from source file or authenticated user14:07
duesenfranzwell, I found an issue, and I'm quite sure there can always be others14:12
duesenfranzhowever, I would be happy to provide you with a pastebin that gets eval'd happily and crashes the compiler14:13
duesenfranzsegfaults14:13
duesenfranzor run arbitrary commands, if you will14:13
duesenfranzcedk:14:13
duesenfranzbut to be honest, in my opinion, having a function that wraps 'eval' and has 'safe_' in its name is just a bad idea14:15
Piloudon't hesitate to open a bug report14:30
duesenfranzwhat would the priority of such a thing be? this generally means an authenticated user can overtake the server, I think14:35
-!- hiaselhans(~Thunderbi@91.141.4.154.wireless.dyn.drei.com) has joined #tryton14:38
-!- kstenger(~karla@200.124.209.158) has joined #tryton14:42
-!- rpit(~ralf@dslb-088-071-239-252.088.071.pools.vodafone-ip.de) has joined #tryton14:52
duesenfranzwell, here it is https://bugs.tryton.org/issue415514:56
Pilouduesenfranz: FYI security issues are not visible by everyone (https://groups.google.com/forum/#!topic/tryton/T2Y36z6VhoA)15:21
duesenfranzPilou: thanks... so just "trusted" developers?15:25
Pilouand package maintainers15:26
duesenfranzwill such things be discussed within the bug report or at some mailing list I can't access?15:33
Piloui guess the bug report15:38
duesenfranzok thanks15:56
kstengeris any of you familiar with the new format of the configuration file for tryton? I've been able to set up some values correctly but others seem to be missing because when I log in to my client the server fails when tryigng to register the database to the pool15:59
kstengerbefore I had an admin password, now I set it up as super_pwd inside the [session] group16:00
kstengerbut I think something is missing when it tries to connect to the database16:01
Piloukstenger: could you paste your config file ?16:05
-!- cedk(~ced@gentoo/developer/cedk) has joined #tryton16:05
kstengerhttp://ur1.ca/i4qgs16:09
Piloukstenger: how do you run trytond ?16:11
kstengerpython /root/test-karla/trytond/bin/trytond -c=/root/test-karla/trytond/etc/trytond.conf16:11
kstengeras root16:13
Pilou(you should not run trytond as root but it's another subject)16:14
kstengerI know, it's just how the setup is for now16:14
-!- digitalsatori(~Thunderbi@116.234.181.110) has joined #tryton16:14
kstengerfor now I just need to get this config file to work :)16:15
Piloudid you initialize a database using "-d dbname -i all" first ?16:15
kstengeruh oh16:15
kstengeryeah... that should be it, let me check16:15
Pilouyou could use the tryton client too using (File, Database, New Database)16:16
kstengerbut, -u all, unless I need -i for some specific, right?16:16
kstengerno, I would like to just update this database16:16
cedkkstenger: fixed with chnageset b5be096a6b3316:17
kstengercedk: what was fixed? I just updated yesterday to the latest and my config files went useless16:18
Piloukstenger: cedk pushed a fix just now16:19
kstengeroh, ok let's try16:19
kstengerwhat should i expect then?16:20
Pilouno popup and no traceback ;)16:20
kstengerok i see I also have to place the -c flag when updating the database... so far goes well16:22
-!- smarro(~sebastian@190.105.93.196) has joined #tryton17:00
-!- smarro(~sebastian@190.105.93.196) has joined #tryton18:02
-!- jcm(~jcm@cxr69-10-88-172-230-130.fbx.proxad.net) has joined #tryton19:05
-!- nicoe(~nicoe@91.179.31.70) has joined #tryton19:41
-!- Telesight(~anthony@77-175-159-159.FTTH.ispfabriek.nl) has joined #tryton20:25
-!- uranus(~uranus@ool-182fa854.dyn.optonline.net) has joined #tryton21:17
-!- duesenfranz(~jona@chello213047255061.tirol.surfer.at) has joined #tryton23:27

Generated by irclog2html.py 2.11.0 by Marius Gedminas - find it at mg.pov.lt!