Karl Fogel wrote:
> Ulrich Drepper <drepper@redhat.com> writes:
>
>>I do think it is. This is a potential security hole.
>
>
> What exactly is the scenario(s) here? How high is the risk? How much
> trouble is the fix? What's the probability that the fix will cause
> some unforeseen problem :-)?

I'm more worried about working copies with weird names. Ones with spaces
- putting quotes around it fixes that. Ones with dollar signs - error
on Unix. Ones with percents - errors on Windows. Ones with quotes -
error on both. Escaping is shell-dependent.
This sort of thing does happen, and I don't like software that does
nasty things because of it. I.e., the iTunes installer that would eat
your hard drive if you had a space in a volume name. This is somewhat
less drastic ;) but still could be annoying.

>>And re not using something else but system. I haven't seen the
>>discussions but it seems to be again "a minimum functionality dictates
>>usage" thing. This is wrong. If you'd use posix_spawn() or even
>>fork()/exec you'd not only get better security but also significantly
>>more speed and less resource usage (executing a shell is extremely
>>demanding).
>
>
> I can't remember the name of the thread, but it's worth reading.

I think I found most of it here:
<http://subversion.tigris.org/servlets/SearchList?list=dev&searchText=editor&defaultField=subject&Search=Search>
The "[PATCH] $EDITOR with spaces" and "Reminder: $EDITOR with spaces?"
in particular. (Of course, I wasn't there, so I don't know that's all of
it.)
I was going to suggest something complicated involving apr_proc_create,
splitting EDITOR but escaping "\ " pairs, etc. but I think the cd way
would solve my objection above and be a lot simpler. basedir is the
problem and with the cd way, basedir doesn't need to be in the
commandline at all.
--
Scott Lamb
Received on Tue Jul 23 20:52:03 2002
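
An added example, not part of the original message and not Subversion's code: it combines the fork()/exec suggestion quoted in the thread with the "cd way", so the directory name never reaches a shell. The names `run_in_dir` and `demo`, the directory and file names, and the use of `ls` in place of an editor are assumptions made for illustration; splitting a multi-word EDITOR value is not handled.

```c
#include <stdio.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

/* Hypothetical helper: run `prog file` with basedir as the working directory.
 * No shell is involved, so basedir and file are never parsed for quotes,
 * $ or %. Returns the child's exit status, or -1 if it could not be run. */
int run_in_dir(const char *basedir, const char *prog, const char *file)
{
    int status;
    pid_t pid = fork();
    if (pid < 0)
        return -1;
    if (pid == 0) {
        char *const argv[] = { (char *)prog, (char *)file, NULL };
        if (chdir(basedir) != 0)
            _exit(126);               /* could not enter basedir */
        execvp(prog, argv);           /* argv passed verbatim, no escaping */
        _exit(127);                   /* exec failed */
    }
    if (waitpid(pid, &status, 0) < 0 || !WIFEXITED(status))
        return -1;
    return WEXITSTATUS(status);
}

/* Constructed demo: a directory name with a space, $, %, and both quotes.
 * `ls` stands in for the editor so the demo is non-interactive. */
int demo(void)
{
    char top[64], dir[160], path[256];
    FILE *f;
    int rc;
    snprintf(top, sizeof top, "/tmp/wc-demo-%ld", (long)getpid());
    snprintf(dir, sizeof dir, "%s/my $wc 100%% \"it's\"", top);
    snprintf(path, sizeof path, "%s/log-msg.tmp", dir);   /* constructed name */
    if (mkdir(top, 0700) != 0 || mkdir(dir, 0700) != 0)
        return -1;
    if ((f = fopen(path, "w")) == NULL)
        return -1;
    fclose(f);
    rc = run_in_dir(dir, "ls", "log-msg.tmp");
    remove(path); rmdir(dir); rmdir(top);
    return rc;
}

int main(void) { return demo(); }
```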