Re: [PATCH v2] configure: fix out of tree build; check unsafe characters in srcdir

Subject: Re: [PATCH v2] configure: fix out of tree build; check unsafe characters in srcdir

Date: Thu, 29 Aug 2019 20:10:36 +0300

To: Daniel Kahn Gillmor

From: Tomi Ollila

On Thu, Aug 29 2019, Daniel Kahn Gillmor wrote:

> On Mon 2019-08-26 20:03:46 +0300, Tomi Ollila wrote:
>> While check for GMime session key extraction support... was made
>> out of tree build compatible, related (and some unrelated) unsafe
>> characters are now checked in notmuch source directory path.
> LGTM.   Thanks, Tomi.
>> The known unsafe characters in NOTMUCH_SRCDIR are:
>> - Single quote (') -- NOTMUCH_SRCDIR='${NOTMUCH_SRCDIR}'
>>   is written to sh.config in configure line 1328.
>> - Double quote (") -- configure line 521 *now* writes "$srcdir"
>>   into generated c source file ($NOTMUCH_SRCDIR includes $srcdir).
>> - Backslash (\) could also be problematic in configure line 521.
>> - The added $ and ` are potentially unsafe -- inside double quotes
>>   in shell script those have special meaning.
> This is a great list of concerns to have enumerated.  How did you
> generate it?

The enumerated cases are what I think take care of what gets expanded
inside single quotes (none there), double quotes (and heredocs when the
delimiter is not in ''s)

(and if there ever were any encoding conversions...uhh forget it now ;)

The ' was simple. Inside single quotes nothing gets expanded, a second '
ends it...

Inside double quotes (and the above-mentioned here documents), if none of the
characters in \ " ` $ is present, nothing gets expanded. I think I
exhausted the options. See e.g. QUOTING in the bash(1) manual page for
more information...

... In that section ! is also mentioned, for history expansion. In
non-interactive shell scripts it is not on. Compare:

$ : previous command :
$ echo "'!!'"
# bash -c 'echo "!!"'

> Are these things that we can pick off one by one?  It'd be great to be
> robust against being built in weirdly named paths in the filesystem, and
> it has always bothered me that so much of our tooling is brittle in that
> way.

IMO we can pick more of these one by one if we encounter more cases...

When I picked the characters to be excluded I deliberately left out $IFS
characters (space tab newline) and would have guessed that configuring
and building would fail (and pre-planned to look at that in the near/far future).

To my surprise mkdir 'build dir'; cd 'build dir'; ../notmuch/configure
and then `make` just worked. :D

I did not dare to run tests -- I'm pretty sure that would fail...

>         --dkg

notmuch mailing list
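As an added example (not code from this thread or from notmuch's configure), the POSIX sh script below checks a path for the five characters listed in the message and emulates the two contexts it describes: the single-quoted NOTMUCH_SRCDIR='...' line written to sh.config, and the same value embedded between double quotes in a shell fragment. Function names and the sample paths are constructed for this example.

```sh
#!/bin/sh
# Added example, not code from notmuch's configure: check a srcdir path
# for the five characters the message lists (' " \ $ `) and show which of
# the two write contexts each one actually breaks.  Function names are
# assumptions made for this example.

# Return 0 when PATH contains none of ' " \ $ `, 1 otherwise.
srcdir_is_safe() {
    case "$1" in
        *\'*|*\"*|*\\*|*\$*|*\`*) return 1 ;;
    esac
    return 0
}

# Context 1: the line configure writes to sh.config, NOTMUCH_SRCDIR='<path>'.
# Evaluate it the way a later ". sh.config" would, inside a command
# substitution so a syntax error cannot abort the caller.  Return 0 when
# the value survives unchanged, 1 when it does not (only ' can break this).
sh_config_roundtrip() {
    got=$(eval "NOTMUCH_SRCDIR='$1'; printf '%s' \"\$NOTMUCH_SRCDIR\"" 2>/dev/null) || true
    [ "$got" = "$1" ]
}

# Context 2: the same value embedded between double quotes in a generated
# shell fragment, NOTMUCH_SRCDIR="<path>", where \ " ` and $ keep their
# special meaning and so can alter or break the value.
double_quoted_roundtrip() {
    got=$(eval "NOTMUCH_SRCDIR=\"$1\"; printf '%s' \"\$NOTMUCH_SRCDIR\"" 2>/dev/null) || true
    [ "$got" = "$1" ]
}

# Demonstration on constructed paths; $IFS characters such as the space
# in 'build dir' pass both contexts, matching the observation in the message.
for p in /home/user/notmuch '/home/build dir/notmuch' \
         "/home/it's/notmuch" '/home/$HOME/notmuch' '/home/a"b/notmuch'; do
    srcdir_is_safe "$p"          && safe=yes || safe=no
    sh_config_roundtrip "$p"     && sq=ok    || sq=BROKEN
    double_quoted_roundtrip "$p" && dq=ok    || dq=BROKEN
    printf '%-26s safe=%-3s single-quoted=%-6s double-quoted=%s\n' "$p" "$safe" "$sq" "$dq"
done
```

Note that '/home/$HOME/notmuch' passes the single-quoted round trip but not the double-quoted one, which is why $ and ` belong on the list even though sh.config itself uses single quotes.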