Hi Ralph,

Ralph Corderoy wrote on Sun, Oct 16, 2011 at 06:00:20PM +0100:
> Ingo Schwarze wrote:
>> -. pso bash -c "echo -n .ds *date\ ;date" >> +. pso /bin/sh -c "echo -n .ds *date\ ;date"

> That smells odd;

Yes, please do say that aloud. :-/

This part of the hdtbl example code looks horribly unsafe; shelling out of roff code is already questionable practice: Some people read manuals as root and probably don't expect malicious manuals to run arbitrary code (for that reason, we decided that we will never support .pso in mandoc(1) at all). And then it's using a non-portable shell and questionable quoting on top of that.

> what if I've a file called ./mandate? Do the globs
> need escaping? I realise you haven't introduced them

Yes, and exactly those potential security issues were the reason why i disabled those examples completely when porting groff to OpenBSD, rather than even trying to fix the shell GNUism.

I'd consider it quite useful if somebody who is actually using hdtbl - i'm not using that macro package - would do an audit and improve the code quality. But that's beyond the scope of my patch.

> but I've only noticed them in browsing your patch. :-)

> Also, would plain `sh' suffice, relying on PATH?

Yes, it would suffice. Then again, all systems i ever heard of agree on putting the standard shell in /bin, so i doubt that's less portable, and arguably, it's marginally safer because people might have unsafe PATHs and random crap lying around. I don't have '.' in my PATH even when working as non-root, but some systems do such things by default.

I have often seen portable scripts start with "#! /bin/sh". Even GNU autoconf generates ./configure like that.

Yet i don't feel strongly about that detail.

Yours,
  Ingo
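
Review bot: the `+` line keeps `echo -n` while switching the interpreter to `/bin/sh`, and POSIX leaves `echo -n` implementation-defined, so some shells can emit a literal `-n` into the generated `.ds` request; `printf` is the portable choice here. The `*date\ ` word also stays unquoted inside the `-c` string, so the shell can treat it as a pathname pattern; single-quoting that argument to `printf` would rule that out.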
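
Ralph's glob question can be checked directly in a scratch directory; the script below is an added example, not part of the original mail or of groff. It assumes the shell receives the command text exactly as printed in the patch line, leaves out `-n` and `;date` so the output is reproducible, and uses the hypothetical helper names `run_in` and `demo`.

```shell
#!/bin/sh
# Added demo (constructed): how /bin/sh -c treats the unquoted *date word.
# Assumption: the shell receives the text as printed in the patch line.
# "-n" and ";date" are left out so the output is reproducible.

# The backslash quotes the space, so the word is the pattern "*date "
# (with a trailing space), not "*date".
glob_cmd='echo .ds *date\ '
# Same text, single-quoted inside the -c string: never a pattern.
safe_cmd="printf '%s\n' '.ds *date '"

# run_in DIR CMD: run CMD through /bin/sh -c with DIR as working directory
run_in() {
    (cd "$1" && /bin/sh -c "$2")
}

# demo FILENAME CMD: make a scratch directory holding one empty file
# called FILENAME (none if empty), run CMD there, print its output.
demo() {
    d=$(mktemp -d) || return 1
    if [ -n "$1" ]; then
        : > "$d/$1"
    fi
    out=$(run_in "$d" "$2")
    rm -rf "$d"
    printf '%s' "$out"
}

# Constructed file names: none, "mandate", and "mandate " (trailing space)
for name in '' 'mandate' 'mandate '; do
    printf 'file=[%s] unquoted=[%s] quoted=[%s]\n' \
        "$name" "$(demo "$name" "$glob_cmd")" "$(demo "$name" "$safe_cmd")"
done
```

Because the escaped space belongs to the pattern, a file named `mandate` leaves the output unchanged, while a name ending in `date ` (with the trailing space) replaces the string name in the generated `.ds` line; the quoted form prints the same text in every directory.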
