On Wed, 29.10.14 09:40, Alexandre Detiste (alexandre.deti...@gmail.com) wrote:
> Hi,
>
> I stumbled on this:
>
> $ systemctl cat cron-crontab-pi-0 | grep Environment
> Environment="A=a a" "MAILTO=system-c...@mailinator.com" "B=b b" "C=c c"
> $ systemctl show cron-crontab-pi-0 -p Environment
> Environment=A=a a MAILTO=system-c...@mailinator.com B=b b C=c c
>
> -> the quotes are gone.
>
> Is this done by design, or a bug in "systemctl show"?
>
> My simple parser could be abused if someone hid a MAILTO= inside another env
> variable.
> https://github.com/systemd-cron/systemd-cron/blob/master/src/bin/mail_on_failure
>
> Here this won't hurt, but this may cause security problems elsewhere.

I made some minimal changes to git now:

http://cgit.freedesktop.org/systemd/systemd/commit/?id=27e9c5af817147ea1c678769e45e83f2e4b4ae96

This tries to improve things a bit, but I figure it might break stuff for you.

So previously we'd just output the strings as is, separated by spaces, and suffixed by a single newline. If the string contained spaces this would create an ambiguity when trying to parse this.

Now, completely changing the output by enclosing everything in "" and escaping the " to \" inside the strings appears wrong to me, since it's a major compat break. I hence went the other way, and will now escape spaces and newlines inside the strings to the usual C "\x012" syntax. This means spaces now become \x020. This makes the output reversible, but of course looks awful if env vars really contain spaces...

Lennart

-- 
Lennart Poettering, Red Hat
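The ambiguity discussed in this thread, as an added example that is not part of the original mails, of systemd, or of systemd-cron's `mail_on_failure`: it shows why the old space-joined `systemctl show` output cannot be parsed back reliably, and that the quoted unit-file form can. The function names and the `example.invalid` addresses are constructed for illustration, and `shlex` is assumed to be a close enough approximation of systemd's quoting for this input.

```python
import shlex

# Constructed sample: same shape as the unit in the mail, but the value of A
# contains an embedded "MAILTO=" token (placeholder addresses).
UNIT_LINE = ('Environment="A=a MAILTO=other@example.invalid" '
             '"MAILTO=owner@example.invalid" "B=b b"')


def old_show_output(unit_line):
    """Render the assignments the way the mail describes the old behaviour:
    strings output as is, separated by spaces."""
    values = shlex.split(unit_line.split("=", 1)[1])
    return "Environment=" + " ".join(values)


def naive_parse(show_line):
    """Hypothetical whitespace-splitting parser of the old output."""
    env = {}
    for token in show_line.split("=", 1)[1].split():
        if "=" in token:
            key, value = token.split("=", 1)
            env.setdefault(key, value)  # first occurrence wins
    return env


def quoted_parse(unit_line):
    """Parse the quoted form, where each assignment is exactly one token.
    Assumption: shlex approximates systemd's quoting rules."""
    env = {}
    for token in shlex.split(unit_line.split("=", 1)[1]):
        key, _, value = token.partition("=")
        env[key] = value
    return env


if __name__ == "__main__":
    shown = old_show_output(UNIT_LINE)
    print(shown)
    print("naive :", naive_parse(shown))       # MAILTO taken from inside A's value
    print("quoted:", quoted_parse(UNIT_LINE))  # MAILTO is the real assignment
    # Two different units collapse to the same old-style output.
    print(old_show_output('Environment="A=a" "B=b"')
          == old_show_output('Environment="A=a B=b"'))
```
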