
[PATCH] Prevent Perl exec function from ever interpreting commands as shell



This means that the dpkg-architecture -c/--command option will no
longer be able to cause the shell to interpret the command.

The system/exec functions sometimes execute the command as shell;
passing an indirect object as the first argument avoids that.

The shell usage happens always on Windows and on other platforms only
when there is one argument and it contains shell metacharacters.

Fixes: commit 07c81f94aa64e9b6f148c5b5cb24461708feb2b5
See-also: https://perldoc.perl.org/functions/exec.html
---
 scripts/dpkg-architecture.pl             | 2 +-
 scripts/t/Dpkg_Shlibs/spacesyms-o-map.pl | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/scripts/dpkg-architecture.pl b/scripts/dpkg-architecture.pl
index 11fb0bdbd..b9caabcf9 100755
--- a/scripts/dpkg-architecture.pl
+++ b/scripts/dpkg-architecture.pl
@@ -380,7 +380,7 @@ if ($action eq 'list') {
     @ENV{keys %v} = values %v;
     ## no critic (TestingAndDebugging::ProhibitNoWarnings)
     no warnings qw(exec);
-    exec @ARGV or syserr(g_('unable to execute %s'), "@ARGV");
+    exec { $ARGV[0] } @ARGV or syserr(g_('unable to execute %s'), "@ARGV");
 } elsif ($action eq 'query') {
     print "$v{$req_variable_to_print}\n";
 } elsif ($action eq 'list-known') {
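Review bot: the changed exec line alters what existing -c/--command callers can pass, and the diffstat shows no man page or changelog update alongside it. With exec { $ARGV[0] } @ARGV a caller that passed the whole command as one string now lands in the syserr branch with "unable to execute", so the documentation should say that the command has to be given as separate arguments, or wrapped explicitly in sh -c when shell syntax is wanted. It is also worth confirming that @ARGV is guaranteed non-empty before this line, since $ARGV[0] would be undef otherwise; the hunk does not show that check.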
diff --git a/scripts/t/Dpkg_Shlibs/spacesyms-o-map.pl b/scripts/t/Dpkg_Shlibs/spacesyms-o-map.pl
index 89a1caf71..5081de48a 100755
--- a/scripts/t/Dpkg_Shlibs/spacesyms-o-map.pl
+++ b/scripts/t/Dpkg_Shlibs/spacesyms-o-map.pl
@@ -22,4 +22,4 @@ while (<$nm>) {
 close $nm;
 
 push @cmds, $input, $output;
-exec @cmds;
+exec { $cmds[0] } @cmds;
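Review bot: the exec on the last line of this hunk has no failure handling, unlike the dpkg-architecture.pl call, which follows exec with "or syserr(...)". If $cmds[0] cannot be run, exec returns false and the script carries on past it without reporting anything. Suggest appending something like: or die "cannot exec $cmds[0]: $!" so a missing tool fails the test visibly.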
-- 
2.40.1
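
The difference the commit message describes, as an added example that is not part of the patch or of dpkg: it runs the list form and the indirect-object form of exec side by side on constructed commands. run_child is a hypothetical helper, and the script assumes a POSIX system with echo on PATH.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use POSIX ();

# Hypothetical helper: exec @cmd in a child, return (exit status, stdout).
sub run_child {
    my ($use_indirect, @cmd) = @_;
    pipe(my $rd, my $wr) or die "pipe: $!";
    my $pid = fork() // die "fork: $!";
    if ($pid == 0) {
        close $rd;
        open STDOUT, '>&', $wr or die "dup: $!";
        open STDERR, '>', '/dev/null' or die "open: $!";
        no warnings qw(exec);
        if ($use_indirect) {
            # Indirect object: $cmd[0] is the program, @cmd is argv.
            # Perl never hands the command to a shell in this form.
            exec { $cmd[0] } @cmd;
        } else {
            # List form: a one-element list may be given to the shell.
            exec @cmd;
        }
        POSIX::_exit(127);    # reached only when exec failed
    }
    close $wr;
    my $out = do { local $/; <$rd> } // '';
    waitpid($pid, 0);
    return ($? >> 8, $out);
}

# Constructed sample commands.
my @cases = (
    ['echo first; echo second'],    # one argument with a metacharacter
    ['echo hello'],                 # one argument, whitespace only
    ['echo', 'a;b'],                # a proper argument vector
);

for my $case (@cases) {
    for my $indirect (0, 1) {
        my ($status, $out) = run_child($indirect, @$case);
        $out =~ s/\n/\\n/g;
        printf "%-8s %-28s exit=%-3d out=%s\n",
            ($indirect ? 'indirect' : 'list'), "[@$case]", $status, $out;
    }
}
```

With the indirect form, the two single-string cases fail to execute instead of being split or passed to the shell, while the proper argument vector behaves the same in both forms.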

