Re: [PATCH] gnulib-tool: do not use $(top_srcdir) unquoted; may be taint
From: Ralf Wildenhues
Subject: Re: [PATCH] gnulib-tool: do not use $(top_srcdir) unquoted; may be tainted
Date: Mon, 24 Nov 2008 19:56:14 +0100
User-agent: Mutt/1.5.18 (2008-05-17)
Hello Jim,
* Jim Meyering wrote on Mon, Nov 24, 2008 at 05:09:08PM CET:
>
> I noticed unquoted uses of $(top_srcdir) in lib/Makefile.am
> and found that gnulib-tool generated them.
> While that's normally not a problem (most of us use well-behaved names),
> it can lead to malfunction or even serious abuse with ill-chosen or
> malicious absolute source directory names.
While I agree that absolute paths should be treated with caution,
I don't think we can make autotools' and gnulib's outputs really
safe against arbitrary characters in $(srcdir) and $(top_srcdir),
which are usually relative. For a simple example, `make' prevents
many characters from working reliably in these paths.

git Automake and Autoconf are a lot safer for $(abs_*) paths than
they were before, but not for relative paths. So if `pwd` contains
ugliness, we expect the user not to invoke configure with an
absolute path (Autoconf rationalizes `pwd`/configure, though).
Cheers,
Ralf
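
An added example, not part of this message or of gnulib-tool: a small lint that reports recipe lines of a Makefile fragment where $(srcdir) or $(top_srcdir) is expanded outside shell quotes, the pattern the patch under discussion targets. The helper names and the sample fragment are constructed for illustration, and each recipe line is scanned on its own (backslash-newline continuations are not followed).

```shell
#!/bin/sh
# find_unquoted_srcdir FILE  (hypothetical helper, not a gnulib-tool function)
# Prints "LINENO: text" for every recipe line that uses $(srcdir) or
# $(top_srcdir) outside single or double quotes.
find_unquoted_srcdir() {
  awk '
    # Only recipe lines (leading TAB) are handed to the shell by make.
    /^\t/ {
      line = $0; q = ""; n = length(line)
      for (i = 1; i <= n; i++) {
        c = substr(line, i, 1)
        if (q == "") {
          if (c == "\\") { i++; continue }           # skip backslash-escaped char
          if (c == "\"" || c == "\047") { q = c; continue }   # \047 is a single quote
          rest = substr(line, i)
          if (index(rest, "$(srcdir)") == 1 || index(rest, "$(top_srcdir)") == 1) {
            printf "%d: %s\n", NR, line
            break
          }
        } else if (c == q) {
          q = ""                                     # closing quote
        } else if (q == "\"" && c == "\\") {
          i++                                        # escape inside double quotes
        }
      }
    }
  ' "$1"
}

# Constructed sample fragment (file names are made up).
write_sample() {
  printf "all:\n"
  printf "\tcp \$(top_srcdir)/a.h .\n"
  printf "\tcp '\$(top_srcdir)/a.h' .\n"
  printf "\ttest -f \"\$(srcdir)/b\" && cat \$(srcdir)/b\n"
  printf "EXTRA_DIST = \$(srcdir)/c\n"
}
```

The lint accepts either quote style, but make substitutes the value textually, so inside double quotes the shell still expands `$` and backquotes that appear in the path.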