From: Ian Jackson <ijackson@chiark.greenend.org.uk>
Date: Wed, 11 Jul 2012 00:00:17 +0000 (+0100)
Subject: make-secnet-sites: Do not permit "include" in simple sites files
X-Git-Tag: debian/0.3.0_beta1~23
X-Git-Url: http://www.chiark.greenend.org.uk/ucgi/~ian/git?p=secnet.git;a=commitdiff_plain;h=21fd3a92a61d31ce848177c0049cb6eb39963161

make-secnet-sites: Do not permit "include" in simple sites files

Restrict the "include" directive to the "header" of -u (groupfile
update) mode.  Callers who are simply using make-secnet-sites to
transform a (possibly untrusted) sites file into a (to be trusted)
sites.conf file should not have to worry about includes.

"include" directives are already forbidden in group files.

Signed-off-by: Ian Jackson <ijackson@chiark.greenend.org.uk>
---

diff --git a/make-secnet-sites b/make-secnet-sites
index aa50344..966bb77 100755
--- a/make-secnet-sites
+++ b/make-secnet-sites
@@ -480,7 +480,7 @@ else:
 		if len(sys.argv)>3:
 			print "Too many arguments"
 			sys.exit(1)
-		pfilepath(sys.argv[1],allow_include=True)
+		pfilepath(sys.argv[1])
 		of=sys.stdout
 		if len(sys.argv)>2:
 			of=open(sys.argv[2],'w')