[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Nmh-workers] proposed patch for shell metacharacter failure in nmh-
From: |
Ken Hornstein |
Subject: |
Re: [Nmh-workers] proposed patch for shell metacharacter failure in nmh-1.7 |
Date: |
Sun, 14 Jan 2018 23:02:57 -0500 |
>...but my experience working with /bin/sh in other matters over the years
>suggests that the safest thing to do is always to quote shell metacharacters
>you aren't deliberately intending to interpret.
Right, but think about what is happening here. We are passing this
arbitrary text to user-controlled command line which might possibly be
in their .mh_profile. Is %{name} surrounded by double quotes? By single
quotes? By any quotes at all? Different quoting rules for each! I think
trying to intuit the right quoting rules is nearly impossible. I suppose
we could in theory see if %{xxx} is quoted, but it might be part of some
other quoted string, e.g.: "Now displaying %{name}" or whatever. It just
seems like any solution here is going to be super-fragile and we're going
to run into someone where it doesn't work for them.
That's why I am thinking that for THIS case, anything that ends up as
a shell metacharacter should be stripped out. Or ... we decide on a
very specific set of interface rules and document them completely.
--Ken
- Re: [Nmh-workers] proposed patch for shell metacharacter failure in nmh-1.7, (continued)
- Re: [Nmh-workers] proposed patch for shell metacharacter failure in nmh-1.7, Steven Winikoff, 2018/01/21
- Re: [Nmh-workers] proposed patch for shell metacharacter failure in nmh-1.7, Paul Vixie, 2018/01/14
- Re: [Nmh-workers] proposed patch for shell metacharacter failure in nmh-1.7, David Levine, 2018/01/14
- Re: [Nmh-workers] proposed patch for shell metacharacter failure in nmh-1.7, Ken Hornstein, 2018/01/15
- Re: [Nmh-workers] proposed patch for shell metacharacter failure in nmh-1.7, Paul Vixie, 2018/01/15
- Re: [Nmh-workers] proposed patch for shell metacharacter failure in nmh-1.7, Tom Lane, 2018/01/15
- Re: [Nmh-workers] proposed patch for shell metacharacter failure in nmh-1.7, Ken Hornstein, 2018/01/14
- Re: [Nmh-workers] proposed patch for shell metacharacter failure in nmh-1.7, Steven Winikoff, 2018/01/14
- Re: [Nmh-workers] proposed patch for shell metacharacter failure in nmh-1.7,
Ken Hornstein <=
- Re: [Nmh-workers] proposed patch for shell metacharacter failure in nmh-1.7, Paul Vixie, 2018/01/15
- Re: [Nmh-workers] proposed patch for shell metacharacter failure in nmh-1.7, David Levine, 2018/01/15
- Re: [Nmh-workers] proposed patch for shell metacharacter failure in nmh-1.7, Ken Hornstein, 2018/01/15
- Re: [Nmh-workers] proposed patch for shell metacharacter failure in nmh-1.7, David Levine, 2018/01/15
- Re: [Nmh-workers] proposed patch for shell metacharacter failure in nmh-1.7, Paul Vixie, 2018/01/15
- Re: [Nmh-workers] proposed patch for shell metacharacter failure in nmh-1.7, Ken Hornstein, 2018/01/15
- Re: [Nmh-workers] proposed patch for shell metacharacter failure in nmh-1.7, Steven Winikoff, 2018/01/15
- Re: [Nmh-workers] proposed patch for shell metacharacter failure in nmh-1.7, Paul Vixie, 2018/01/15
- Re: [Nmh-workers] proposed patch for shell metacharacter failure in nmh-1.7, Ken Hornstein, 2018/01/15
- Re: [Nmh-workers] proposed patch for shell metacharacter failure in nmh-1.7, Paul Vixie, 2018/01/15