On 11/05/10 11:12, Thomas Arendsen Hein wrote:
> * Javi Merino <[email protected]> [20100511 10:48]:
>> Hi, I think the attached patch fixes the bashism by creating a function
>> that returns a random number instead of relying on the $RANDOM magic
>> variable.
>>
>> I'll try to get it accepted upstream.
>
> I'm not sure if something based on /dev/urandom will be accepted
> upstream as /dev/urandom is not available everywhere.
Whoah, yes, you are right. I thought /dev/urandom is not POSIX. I
thought it was...
>> On 11/05/10 07:42, Raphael Geissert wrote:
>>> While performing an archive wide checkbashisms (from the 'devscripts'
>>> package)
>>> check I've found your package containing a /bin/sh script making use
>>> of a bashism.
>>>
>>> checkbashisms' output:
>>>> possible bashism in ./usr/share/doc/mercurial-common/examples/hgeditor line
>>>> 30 ($RANDOM):
>>>> HGTMP="${TMPDIR-/tmp}/hgeditor.$RANDOM.$RANDOM.$RANDOM.$$"
>
> This is only a half-bashism, on shells without special support for
> $RANDOM the variable simply evaluates to the empty string.
>
> This is just "hgeditor....$$", so it is easier to create name
> collisions, but still no security risk as the script simply aborts
> in this case.
>
> I guess the ideal solution would be to rewrite hgeditor in python,
> but if you can replace the creation of the temporary directory with
> a simple call to
> python -c "something"
> it would be enough to solve your current problem.
Okay, I've changed it to rely on python to get the random numbers. Do
you think the attached patch has more chances to be accepted upstream?
Regards,
Javi (Vicho)
diff --git a/hgeditor b/hgeditor
--- a/hgeditor
+++ b/hgeditor
@@ -27,7 +27,8 @@ cleanup_exit() {
trap "cleanup_exit" 0 # normal exit
trap "exit 255" 1 2 3 6 15 # HUP INT QUIT ABRT TERM
-HGTMP="${TMPDIR-/tmp}/hgeditor.$RANDOM.$RANDOM.$RANDOM.$$"
+RAND_NUMS=$(python -c 'from random import randint; print(".".join([str(randint(0, 100000)) for i in range(0, 3)]))')
+HGTMP="${TMPDIR-/tmp}/hgeditor.$RAND_NUMS.$$"
(umask 077 && mkdir "$HGTMP") || {
echo "Could not create temporary directory! Exiting." 1>&2
exit 1
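Review bot: On the added `RAND_NUMS=$(python -c ...)` line, the exit status of python is never checked, so if python is missing or fails, RAND_NUMS is empty and the name degrades to `hgeditor..$$`, the same predictable name the empty `$RANDOM` case produced. The `(umask 077 && mkdir "$HGTMP") || {` context that follows still makes a collision fail closed, but since the script now depends on python anyway, consider letting python create the directory atomically with mode 0700, for example `HGTMP=$(python -c 'import tempfile; print(tempfile.mkdtemp(prefix="hgeditor."))') || exit 1`. That also drops `random.randint`, which is not a generator meant for producing unpredictable names.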
signature.asc
Description: OpenPGP digital signature
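Thomas's remark that an empty `$RANDOM` is no security risk rests on `mkdir` refusing a name that already exists. The following is an added example, not part of this thread or of hgeditor: a POSIX sh function that uses no randomness at all and retries on collision instead of aborting. The function name `make_private_tmpdir` and the 100-attempt limit are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: create a private temporary directory in plain POSIX sh.
# Safety comes from mkdir's atomic "fail if the name exists" behaviour,
# not from how hard the name is to guess.

# make_private_tmpdir PREFIX
# Prints the path of a newly created mode-0700 directory; returns 1 on failure.
make_private_tmpdir() {
    prefix=$1
    base=${TMPDIR-/tmp}
    n=0
    while [ "$n" -lt 100 ]; do          # assumed retry limit
        candidate="$base/$prefix.$$.$n"
        # mkdir fails with EEXIST if the path is already a file, a directory
        # or a symlink (even a dangling one), so a name planted in advance
        # by another user is never reused. The umask is set in a subshell so
        # the caller's umask is left untouched.
        if (umask 077 && mkdir "$candidate") 2>/dev/null; then
            printf '%s\n' "$candidate"
            return 0
        fi
        n=$((n + 1))
    done
    return 1
}

# Usage (commented out so that sourcing this file has no side effects):
#   HGTMP=$(make_private_tmpdir hgeditor) || {
#       echo "Could not create temporary directory! Exiting." 1>&2
#       exit 1
#   }
```
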

