[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: [PATCH] Prevent Perl exec function from ever interpreting commands as shell



On Tue, 2023-07-04 at 22:48 +0200, Guillem Jover wrote:

> Attached is the man page update I've got queued locally, but I'm happy
> to clarify further if you think that would be insufficient.

Please write "shell metacharacters" instead of "metacharacters".

> On Wed, 2023-06-14 at 09:49:41 +0800, Paul Wise wrote:
> > Perhaps it should go through the deprecation cycle you mention too.
> 
> I checked on sources.d.n, and AFAIR only saw a couple of potentially
> problematic instances. But this might be affecting local scripts and
> tooling. I'll ponder about it, or perhaps ask on d-d or similar
> whether this would be very disruptive.

Ack, seems reasonable.

> Ack, I considered whether switching that script to use Dpkg::IPC would
> be better, but it does not depend on any other Dpkg module, and it is
> intended to be run from the build tree, so your change as-is looks good,
> and so I've queued that part too.

Ack, thanks.

> And I found another instance in the dpkg-shlibdeps code which I've
> also fixed.

Woops, thanks.

> I'm attaching the three patches. Thanks!

Looks good.

-- 
bye,
pabs

https://wiki.debian.org/PaulWise

Attachment: signature.asc
Description: This is a digitally signed message part


Reply to: