[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

Re: Reminder: $EDITOR with spaces?

From: Philip Martin <philip_at_codematters.co.uk>
Date: 2002-04-28 23:27:46 CEST

Daniel Stenberg <daniel@haxx.se> writes:

> On Sun, 28 Apr 2002, Zack Weinberg wrote:
>
> > -0: I don't see what's wrong with just calling system() in this case, like
> > everyone else who handles $EDITOR.
>
> Because using system() for this was discussed and turned down when I first
> started messing with $EDITOR support, back in January:
>
> [ said regarding using svn_io_run_cmd() instead of system() ]
> <quote>
> It's not just a "better option" but a requirement :-) system() isn't
> portable, and it isn't exactly the safest function in the world. Granted,
> this is all client stuff, but I'd still not like to see system-based
> exploits in the code.
> </quote>
> http://subversion.tigris.org/servlets/ReadMsg?msgId=55026&listName=dev
>
> Of course, matters and opinions change. This may not be valid anymore...

Well the security problem is a red herring, the whole point of EDITOR
is that we are letting the user specify the program to be run.

Yes, the patch provides some of the expected behaviour on Unix. I
don't know enough about Windows to say what would be expected there,
what is the conventional behaviour on that platform?

The patch doesn't provide all the behaviour I would expect on Unix,
using system() would allow

   EDITOR='LD_LIBRARY_PATH=/some/lib /some/program'

Perhaps we need an APR wrapper for system()?

-- 
Philip
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@subversion.tigris.org
For additional commands, e-mail: dev-help@subversion.tigris.org
Received on Sun Apr 28 23:28:43 2002

This is an archived mail posted to the Subversion Dev mailing list.