Hestia - plugin to load project/machine specific configurations securely

Hi all, just finished creating a fairly simple plugin here that allows you to load arbitrary kak files. It also supports loading machine/project specific configuration out of the box. This typically presents security issues, because loading files based on their location could allow someone to inject said files into your projects and execute arbitrary code on your machine. The plugin also leverages gpg to sign and verify these configuration files, hopefully addressing those concerns. It’s a bit less convenient, but hopefully worth the extra peace of mind.

Let me know what you think and feel free to raise issues about concerns/potential improvements

3 Likes

What happens if the file you verify requires other files?

You know that’s a great question, in theory it should work but I can’t say I’ve tried it though

Can you override the source command to recursively verify files?

1 Like

Thank you so much, I didn’t realize there was a source command haha. Overriding the existing command somehow is interesting, I’ll definitely look into it!

That got my imagination thinking as well. How about a data structure like Map<K, List<V>> by parsing a .properties, .xml, or .json file. Perhaps a unix pipeline that makes use of commands to name a few; grep, sed, tr. On the module keywords provide-module, require-module to populate a data structure. Or break out into your favorite general purpose programming language to do the job.

Anyway, theirs my two cents. Bye :wave: