Bitbake is an execution engine, so in general it isn't a surprise that it can execute things. We do make network accesses and have some data which comes from "untrusted" sources though, and we therefore do need to be careful, particularly in areas in like fetcher.
One of the red flags people look for is shell=True being used with the subprocess functions. We make this a bit worse by having wrappers like bb.process.run() which actually patch that in as needed. This has resulted in a lot of execution code which is run via a subshell. To be clear, most of it is fine. There is a risk you can pass something like ';/bin/sh echo xxx > yyy' inside a variable and bad things could then happen. In most cases this would either be hard, or could be done in other ways (as it is an execution engine) but I am worried people blindly copy and paste code without thinking about some of these issues. I'd like to: a) go through our codebase and where possible, switch our code execution to use lists of parameters rather than strings b) explicitly require shell=True where we that is needed c) remove the fallback code adding shell=True and make that an error d) see if some of the real shell=True usages can be replaced By using lists instead of strings, escaping of data is handled much more cleanly. The intent of the change would be to promote better practises in general, make it clear where shell=True is being used and help performance a tiny bit by dropping subshell usage in many cases. I have some patches in progress for bitbake and OE-Core but it is going to take a bit of effort to get through everything as it often cascades through wrapper functions. I therefore wanted to explain why we should do this and hope we get wide community buy in! Cheers, Richard
-=-=-=-=-=-=-=-=-=-=-=- Links: You receive all messages sent to this group. View/Reply Online (#2369): https://lists.openembedded.org/g/openembedded-architecture/message/2369 Mute This Topic: https://lists.openembedded.org/mt/119574021/21656 Group Owner: [email protected] Unsubscribe: https://lists.openembedded.org/g/openembedded-architecture/unsub [[email protected]] -=-=-=-=-=-=-=-=-=-=-=-
