[svn.haxx.se] · SVN Dev · SVN Users · SVN Org · TSVN Dev · TSVN Users · Subclipse Dev · Subclipse Users · this month's index

Re: [PATCH] Quote filename passed to $EDITOR

From: Marcus Comstedt <marcus_at_mc.pp.se>
Date: 2002-07-23 20:01:55 CEST

Ulrich Drepper <drepper@redhat.com> writes:

> On Tue, 2002-07-23 at 09:53, Karl Fogel wrote:
> > (I suppose we could have a configuration-determined character that
> > gets substituted in, but doesn't seem worth the trouble...)
> I do think it is. This is a potential security hole.

As already stated, we have been over this. Talking about security
holes in code doing invoking $EDITOR is just silly, since the 3v1L
user can just put his 3v1L commands in a script and set $EDITOR to
point to that script instead of bothering with trying to fool /bin/sh
to run them as part of the invocation.

> And re not using something else but system. I haven't seen the
> discussions but it seems to be again "a minimum functionality dictates
> usage" thing. This is wrong.

Yes, your ananysis of the discussion (which you haven't even read) is
incorrect. It's a "confuse the user less by doing it like everybody
else does it" thing.

> If you'd use posix_spawn() or even
> fork()/exec you'd not only get better security but also significantly
> more speed and and less resource usage (executing a shell is extrememly
> demanding).

And, unfortunately, worse functionality for the user. $EDITOR can
contain stuff like "LD_LIBRARY_PATH=/foo/bar/gazonk strange_emacs"
or whatever. Please read the old discussions so that you may at least
say something new. :-)

  // Marcus

To unsubscribe, e-mail: dev-unsubscribe@subversion.tigris.org
For additional commands, e-mail: dev-help@subversion.tigris.org
Received on Tue Jul 23 20:08:24 2002

This is an archived mail posted to the Subversion Dev mailing list.

This site is subject to the Apache Privacy Policy and the Apache Public Forum Archive Policy.