
Bug#904087: emacsspeak-ss postrm: potentially unsafe shell code



Package: emacspeak-ss
Version: 1.12.1-7
Severity: minor
User: treinen@debian.org
Usertags: colis-shparser

Hi,

the prerm script of emacspeak-ss contains a perl script as a
here document (which in reality is read by perl -x) like this:

perl -x $0        # execute this file as a perl program
true <<EOF        # bash discards everything from here to EOF
[some perl code]
__END__
EOF

Written this way, the here document is expanded by the shell. The result
of this expansion is sent to the true command, and the perl interpreter
sees the original unexpanded perl script. The potential problem is that
shell expansion may have side effects through subshell expansion and
parameter expansion with assignments, so this seems unsafe.

We suggest replacing the second line of the above snippet with

true <<'EOF'

since the quote character in the delimiter tells the shell not to
expand the here document.

-Yann and Ralf.
-- 
Ralf Treinen
Institut de Recherche en Informatique Fondamentale
Équipe Preuves, Programmes et Systèmes
Université Paris Diderot, Paris, France.
http://www.irif.fr/~treinen/
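The following script is an added demonstration and is not part of the bug report or of the emacspeak-ss package. It feeds the same kind of here document to `true` twice, once with an unquoted `EOF` delimiter and once with the quoted `'EOF'` delimiter suggested above, and checks whether the two side effects named in the report (a command substitution and a `${VAR:=value}` assignment) actually happen. The marker file path and the variable name `PROBE_VAR` are constructed for the demo; it assumes a POSIX `sh` with `mktemp` available and relies on `true` being a shell builtin so that the redirection is processed in the current shell.

```shell
#!/bin/sh
# Added example, not code from the bug report. Shows that the body of an
# unquoted here document is expanded by the shell even though its only
# consumer is `true`, while a quoted delimiter passes the body through
# untouched. The marker path and PROBE_VAR are constructed for this demo.

# Unquoted delimiter: the shell expands the body. Returns 0 if the command
# substitution inside the here document ran (it creates the marker file).
# The ${PROBE_VAR:=...} line is the second probe: a parameter expansion
# with assignment, which takes effect in the current shell because `true`
# is a builtin.
unquoted_heredoc_expands() {
    marker="$1"
    unset PROBE_VAR
    true <<EOF
$(: > "$marker")
${PROBE_VAR:=assigned-by-heredoc}
EOF
    [ -e "$marker" ]
}

# Quoted delimiter ('EOF'): no expansion at all. Returns 0 only if the
# command substitution ran, which it must not.
quoted_heredoc_expands() {
    marker="$1"
    unset PROBE_VAR
    true <<'EOF'
$(: > "$marker")
${PROBE_VAR:=assigned-by-heredoc}
EOF
    [ -e "$marker" ]
}

# Runs both probes in a scratch directory and reports what happened.
demo() {
    dir=$(mktemp -d)
    if unquoted_heredoc_expands "$dir/unquoted"; then
        echo "unquoted <<EOF  : command substitution ran; PROBE_VAR=${PROBE_VAR-unset}"
    else
        echo "unquoted <<EOF  : no expansion (unexpected)"
    fi
    if quoted_heredoc_expands "$dir/quoted"; then
        echo "quoted <<'EOF'  : expansion happened (unexpected)"
    else
        echo "quoted <<'EOF'  : body passed through untouched; PROBE_VAR=${PROBE_VAR-unset}"
    fi
    rm -rf "$dir"
}

demo
```

The perl interpreter, reading the file via `perl -x`, sees the original text in both cases; the difference is only whether the shell executed anything while discarding the body. Quoting the delimiter is the whole fix, because the here document's content is never meant to be interpreted by the shell at all.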

