* Javi Merino <[email protected]> [20100511 10:48]: > Hi, I think the attached patch fixes the bashism by creating a function > that returns a random number instead of relying on the $RANDOM magic > variable. > > I'll try to get it accepted upstream.
I'm not sure if something based on /dev/urandom will be accepted
upstream as /dev/urandom is not available everywhere.
> On 11/05/10 07:42, Raphael Geissert wrote:
> > While performing an archive wide checkbashisms (from the 'devscripts'
> > package)
> > check I've found your package containing a /bin/sh script making use
> > of a bashism.
> >
> > checkbashisms' output:
> >> possible bashism in ./usr/share/doc/mercurial-common/examples/hgeditor line
> >> 30 ($RANDOM):
> >> HGTMP="${TMPDIR-/tmp}/hgeditor.$RANDOM.$RANDOM.$RANDOM.$$"
This is only a half-bashism, on shells without special support for
$RANDOM the variable simply evaluates to the empty string.
This is just "hgeditor....$$", so it is easier to create name
collisions, but still no security risk as the script simply aborts
in this case.
I guess the ideal solution would be to rewrite hgeditor in python,
but if you can replace the creation of the temporary directory with
a simple call to
python -c "something"
it would be enough to solve your current problem.
Regards,
Thomas Arendsen Hein
--
[email protected] - http://intevation.de/~thomas/ - OpenPGP key: 0x5816791A
Intevation GmbH, Neuer Graben 17, 49074 Osnabrueck - AG Osnabrueck, HR B 18998
Geschaeftsfuehrer: Frank Koormann, Bernhard Reiter, Dr. Jan-Oliver Wagner
pgpiE4stKZR3K.pgp
Description: PGP signature
