On Sep 7, 2008, at 2:19 PM, Alexey Tourbin wrote:
> On Sun, Sep 07, 2008 at 12:10:18PM -0400, Jeff Johnson wrote:
>> There's a class of infinite recursion problems with manifests used
>> on the rpm CLI that I don't know how to fix.
>>
>> A manifest is a file containing a list of paths to packages (or other
>> manifests)
>
> Forbid manifest files from within manifests.

Actually I think you're on to something here.

I can easily associate a recursion level with each arg, and do level++
when opening item as a manifest.

With a recursion level, the recursion can be limited.

So "Forbid manifests" becomes the same as "fail if level > 0", and
forbidding manifests within manifests is the same as "fail if level > 1".

Note that URIs are also permitted in manifests, and so "cross site
scripting" needs to be avoided with URI affinity as well.

73 de Jeff
Received on Sun Sep 7 20:32:49 2008
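
The level check discussed in this thread, as an added example that is not code from the thread or from rpm: each arg carries a level, the level is incremented when an item is opened as a manifest, and processing fails once it exceeds a limit. The function expand_arg, the in-memory file table and the file names are constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Constructed sample "files" (names made up): a NULL body is a package,
 * anything else is a manifest listing one path per line. */
struct file { const char *name; const char *body; };
static const struct file files[] = {
    { "a.rpm",     NULL },
    { "b.rpm",     NULL },
    { "flat.mft",  "a.rpm\nb.rpm\n" },
    { "outer.mft", "flat.mft\n" },
    { "loop.mft",  "a.rpm\nloop.mft\n" },  /* lists itself */
};

static const struct file *lookup(const char *name)
{
    size_t len = strcspn(name, "\n");   /* name ends at newline or NUL */
    for (size_t i = 0; i < sizeof files / sizeof files[0]; i++)
        if (strlen(files[i].name) == len && !strncmp(files[i].name, name, len))
            return &files[i];
    return NULL;
}

/* Handle one arg reached at `level` (0 = given on the command line).
 * Returns the number of packages found, or -1 on failure. */
int expand_arg(const char *name, int level, int max_level)
{
    const struct file *f = lookup(name);
    if (f == NULL) return -1;           /* unknown path */
    if (f->body == NULL)
        return 1;                       /* a package */
    if (++level > max_level)            /* level++ on opening a manifest */
        return -1;                      /* nested too deeply: fail */
    int total = 0;
    for (const char *p = f->body; *p != '\0'; p += (*p == '\n')) {
        int got = expand_arg(p, level, max_level);
        if (got < 0) return -1;         /* propagate failure upward */
        total += got;
        p += strcspn(p, "\n");          /* advance to the end of this line */
    }
    return total;
}

int main(void)
{
    printf("flat.mft: %d, loop.mft: %d\n",
           expand_arg("flat.mft", 0, 1), expand_arg("loop.mft", 0, 1));
    return 0;
}
```

With max_level 0 every manifest is rejected, with 1 only manifests named on the command line are accepted, and the self-listing manifest fails at any finite limit instead of recursing forever.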