)]}'
{"/PATCHSET_LEVEL":[{"author":{"_account_id":1000009,"name":"selvanair","display_name":"Selva Nair","email":"selva.nair@gmail.com","username":"selvanair"},"change_message_id":"5f766fd1358a7ec5453bfe64cfc1113989f5bf58","unresolved":false,"context_lines":[],"source_content_type":"","patch_set":2,"id":"d7ce0d78_836d0819","updated":"2025-12-08 22:02:53.000000000","message":"Done.","commit_id":"a38e38e442863a2aa32337614ed78cf3fdcc43af"},{"author":{"_account_id":1000009,"name":"selvanair","display_name":"Selva Nair","email":"selva.nair@gmail.com","username":"selvanair"},"change_message_id":"1f0e21cab9afae019a79e17353f33020cf33eb27","unresolved":false,"context_lines":[],"source_content_type":"","patch_set":2,"id":"acb8dca9_dade29ca","updated":"2025-12-08 19:46:51.000000000","message":"In fact, the following will bypass \"pull-filter ignore route \"!\n\npush \"\\\"route\\\" x.y.z.0 255.255.255.0\"","commit_id":"a38e38e442863a2aa32337614ed78cf3fdcc43af"},{"author":{"_account_id":1000009,"name":"selvanair","display_name":"Selva Nair","email":"selva.nair@gmail.com","username":"selvanair"},"change_message_id":"9f2011a1f6fd2db21da10ded1bcdd608cefd19f9","unresolved":true,"context_lines":[],"source_content_type":"","patch_set":2,"id":"738a1ab8_064ccee8","in_reply_to":"18ea80e9_9337951d","updated":"2025-12-08 21:50:59.000000000","message":"I had an inkling that there could be more ways than just spaces to defeat this -- and you challenged me to find one 😊\n\nAnyway, such \"unknown unknowns\" is what prompted me to write this in a nuanced and hedged fashion... Now we know at least one concrete way to break it, we could just say:\n\n  *Warning:* ``pull-filter`` cannot be relied upon as a security measure to\n  protect against offending options pushed by a server. For example, the\n  filter could be defeated by pushing options with extra spaces between\n  tokens or other formatting variations.\n\nI thought about improving the matching algorithm, but it doesn\u0027t look trivial. For now it has to remain a convenience option.","commit_id":"a38e38e442863a2aa32337614ed78cf3fdcc43af"},{"author":{"_account_id":1000002,"name":"cron2","display_name":"Gert Doering","email":"gert@greenie.muc.de","username":"cron2"},"change_message_id":"b119b0fc21cf9c03eeaef1970ff5a579e2f82f08","unresolved":true,"context_lines":[],"source_content_type":"","patch_set":2,"id":"ae48bc3b_5fd940ef","in_reply_to":"738a1ab8_064ccee8","updated":"2025-12-08 21:53:36.000000000","message":"text works for me...","commit_id":"a38e38e442863a2aa32337614ed78cf3fdcc43af"},{"author":{"_account_id":1000002,"name":"cron2","display_name":"Gert Doering","email":"gert@greenie.muc.de","username":"cron2"},"change_message_id":"4f9d885c4597f290bf078a5d2e1e857e5ddc2d80","unresolved":false,"context_lines":[],"source_content_type":"","patch_set":2,"id":"18ea80e9_9337951d","in_reply_to":"acb8dca9_dade29ca","updated":"2025-12-08 21:31:20.000000000","message":"ewww... who permitted such ugliness to pass the parser...\n\nso, reword again?  \"Do not connect to malicious servers, period\"?","commit_id":"a38e38e442863a2aa32337614ed78cf3fdcc43af"}],"doc/man-sections/client-options.rst":[{"author":{"_account_id":1000002,"name":"cron2","display_name":"Gert Doering","email":"gert@greenie.muc.de","username":"cron2"},"change_message_id":"5e2970092a2e0f5cdf305eebfe63c656449ac85a","unresolved":true,"context_lines":[{"line_number":346,"context_line":"  use :code:`ignore`."},{"line_number":347,"context_line":""},{"line_number":348,"context_line":"  *Warning:* ``pull-filter`` cannot be relied upon as a security measure to"},{"line_number":349,"context_line":"  protect against offending options pushed by a server. For example, the"},{"line_number":350,"context_line":"  filter could be defeated by pushing options with extra spaces between"},{"line_number":351,"context_line":"  tokens or other formatting variations. In such situations, an \"allow-list\""},{"line_number":352,"context_line":"  approach using a generic ``pull-filter ignore`` followed by more specific"}],"source_content_type":"text/x-rst","patch_set":1,"id":"733a8042_b2df151c","line":349,"updated":"2025-12-08 11:07:29.000000000","message":"I would word the first part slightly differently (just as a suggestion)\n\n```\n*Warning:* if using ``pull-filter`` as a security measure to protect against offending options pushed by a server, a negative match (ignore/reject) might be circumvented by pushing options with extra spaces...\n```\r\n\nand then the rest as is - except that I think it needs to be the other way round, first the specific ``accept`` and then the generic ``ignore`` - the logic is \"first match decided\"...  so\n\n```\npull-filter accept route 1.2.3.0\npull-filter ignore route\n```\n\nwould permit 1.2.3.0, while the other way round would ignore all routes.  At least this is what I remember and the code seems to agree with me :-)","commit_id":"7e1ea3e6386d0d15ce2c5e3a926e907e67d23daf"},{"author":{"_account_id":1000002,"name":"cron2","display_name":"Gert Doering","email":"gert@greenie.muc.de","username":"cron2"},"change_message_id":"e398058b3364c11f86f9fca80c9e15ad719e4f81","unresolved":true,"context_lines":[{"line_number":346,"context_line":"  use :code:`ignore`."},{"line_number":347,"context_line":""},{"line_number":348,"context_line":"  *Warning:* ``pull-filter`` cannot be relied upon as a security measure to"},{"line_number":349,"context_line":"  protect against offending options pushed by a server. For example, the"},{"line_number":350,"context_line":"  filter could be defeated by pushing options with extra spaces between"},{"line_number":351,"context_line":"  tokens or other formatting variations. In such situations, an \"allow-list\""},{"line_number":352,"context_line":"  approach using a generic ``pull-filter ignore`` followed by more specific"}],"source_content_type":"text/x-rst","patch_set":1,"id":"fbc0101c_fded5f06","line":349,"in_reply_to":"08b3c3d0_c199f4ee","updated":"2025-12-08 15:12:15.000000000","message":"Well, I see your point, but then I find your wording a bit hard to understand - \"it can not be relied upon - but here is how you do it\".  My take is more \"it *can* be used, but you need to be careful to get it right\"...\n\nOTOH I\u0027m not a native speaker, so I\u0027ve made my point :-) - and will go along with what you end up with.","commit_id":"7e1ea3e6386d0d15ce2c5e3a926e907e67d23daf"},{"author":{"_account_id":1000009,"name":"selvanair","display_name":"Selva Nair","email":"selva.nair@gmail.com","username":"selvanair"},"change_message_id":"ea44ca87e3eefa5b4a0f76467b58c80724334c64","unresolved":true,"context_lines":[{"line_number":346,"context_line":"  use :code:`ignore`."},{"line_number":347,"context_line":""},{"line_number":348,"context_line":"  *Warning:* ``pull-filter`` cannot be relied upon as a security measure to"},{"line_number":349,"context_line":"  protect against offending options pushed by a server. For example, the"},{"line_number":350,"context_line":"  filter could be defeated by pushing options with extra spaces between"},{"line_number":351,"context_line":"  tokens or other formatting variations. In such situations, an \"allow-list\""},{"line_number":352,"context_line":"  approach using a generic ``pull-filter ignore`` followed by more specific"}],"source_content_type":"text/x-rst","patch_set":1,"id":"08b3c3d0_c199f4ee","line":349,"in_reply_to":"733a8042_b2df151c","updated":"2025-12-08 15:04:52.000000000","message":"(i) I wanted to discourage using pull-filter as a security feature at all. Your suggestion would suggest its okay to use it for security, but there are caveats. As bypassing the filter is easy, I\u0027m not convinced of that take.\n\n(ii) You are absolutely right -- I got the order inverted -- will fix.","commit_id":"7e1ea3e6386d0d15ce2c5e3a926e907e67d23daf"},{"author":{"_account_id":1000009,"name":"selvanair","display_name":"Selva Nair","email":"selva.nair@gmail.com","username":"selvanair"},"change_message_id":"dd9ff6f03acb57ce4468c2772cbff1747b0cc122","unresolved":false,"context_lines":[{"line_number":346,"context_line":"  use :code:`ignore`."},{"line_number":347,"context_line":""},{"line_number":348,"context_line":"  *Warning:* ``pull-filter`` cannot be relied upon as a security measure to"},{"line_number":349,"context_line":"  protect against offending options pushed by a server. For example, the"},{"line_number":350,"context_line":"  filter could be defeated by pushing options with extra spaces between"},{"line_number":351,"context_line":"  tokens or other formatting variations. In such situations, an \"allow-list\""},{"line_number":352,"context_line":"  approach using a generic ``pull-filter ignore`` followed by more specific"}],"source_content_type":"text/x-rst","patch_set":1,"id":"9beb5395_c14a4c30","line":349,"in_reply_to":"9a5b4c11_dfcbcb2d","updated":"2025-12-08 19:17:39.000000000","message":"Done","commit_id":"7e1ea3e6386d0d15ce2c5e3a926e907e67d23daf"},{"author":{"_account_id":1000002,"name":"cron2","display_name":"Gert Doering","email":"gert@greenie.muc.de","username":"cron2"},"change_message_id":"96a652f23f129ef48f6bc23f4fa63ed9cac856d5","unresolved":true,"context_lines":[{"line_number":346,"context_line":"  use :code:`ignore`."},{"line_number":347,"context_line":""},{"line_number":348,"context_line":"  *Warning:* ``pull-filter`` cannot be relied upon as a security measure to"},{"line_number":349,"context_line":"  protect against offending options pushed by a server. For example, the"},{"line_number":350,"context_line":"  filter could be defeated by pushing options with extra spaces between"},{"line_number":351,"context_line":"  tokens or other formatting variations. In such situations, an \"allow-list\""},{"line_number":352,"context_line":"  approach using a generic ``pull-filter ignore`` followed by more specific"}],"source_content_type":"text/x-rst","patch_set":1,"id":"9a5b4c11_dfcbcb2d","line":349,"in_reply_to":"cb5ea473_694dd9d3","updated":"2025-12-08 17:00:06.000000000","message":"Mmmh.  I do think it\u0027s reasonably secure if used correctly (allowlist) *but* I agree that one needs to take care and it\u0027s easy to produce something that works against a non-malicious server that just pushes an unwanted route, and consider that \"secure\".  Which it quite likely won\u0027t be.\n\nThis is what my suggested wording was intended to convey ;-)\n\nBut we can agree to disagree on this - in this case I\u0027d go for \"Option 2\".","commit_id":"7e1ea3e6386d0d15ce2c5e3a926e907e67d23daf"},{"author":{"_account_id":1000009,"name":"selvanair","display_name":"Selva Nair","email":"selva.nair@gmail.com","username":"selvanair"},"change_message_id":"5ab844e0ddc3ff1d4869817836952c863d5dceff","unresolved":true,"context_lines":[{"line_number":346,"context_line":"  use :code:`ignore`."},{"line_number":347,"context_line":""},{"line_number":348,"context_line":"  *Warning:* ``pull-filter`` cannot be relied upon as a security measure to"},{"line_number":349,"context_line":"  protect against offending options pushed by a server. For example, the"},{"line_number":350,"context_line":"  filter could be defeated by pushing options with extra spaces between"},{"line_number":351,"context_line":"  tokens or other formatting variations. In such situations, an \"allow-list\""},{"line_number":352,"context_line":"  approach using a generic ``pull-filter ignore`` followed by more specific"}],"source_content_type":"text/x-rst","patch_set":1,"id":"cb5ea473_694dd9d3","line":349,"in_reply_to":"fbc0101c_fded5f06","updated":"2025-12-08 16:13:29.000000000","message":"This is what I wanted to say: Pull filter was not designed as a security measure, so do not use it for security, its easy to be defeated. That said, there is some care one could take while writing the filter commands to guard against formatting mismatches. I do not want to give an impression that its \"secure\" once ordered as an \"allow-list\". May be it is, I do not know.\n\nI just paraphrased the above into a more formal form --- \"in such situations\" was meant to refer to spaces/formatting mismatches, not security; \"preferred\" is meant to indicate that its a suggestion, not a fool-proof work-around. I see its a bit nuanced. If the intended meaning is not coming through I\u0027ll rewrite it:\n\nOption 1 -- use a less nuanced language:\n\nWarning: The pull-filter mechanism must not be regarded as a security measure for blocking undesired server-pushed options. It can be circumvented through formatting variations (e.g., added whitespace). To improve robustness against such formatting discrepancies, an \"allow-list\" configuration using specific `pull-filter accept` directives followed by a general `pull-filter ignore` is preferred to a \"deny-list\" approach. This recommendation does not imply that pull-filter provides any security guarantees.\n\nOption 2 -- Just add an extra line:\n\"This approach improves robustness but does not guarantee security.\"","commit_id":"7e1ea3e6386d0d15ce2c5e3a926e907e67d23daf"}]}