Am 27.01.2010, 09:13 Uhr, schrieb Yaakov (Cygwin/X)
<yselkow...@users.sourceforge.net>:
On 26/01/2010 23:38, Steven Monai wrote:
Imagine if a program like 'cp' failed because the current working
directory has a pathname that contains spaces. You'd probably agree with
me that 'cp' had a rather serious flaw, wouldn't you?
cygport is not 'cp'. cygport is a shell script, as are configure
scripts, the autoconf-generated kind being the most common build system
out there. Shell scripts usually use spaces for IFS. Hence
distinguishing between a space in a file name/path and whitespace
between arguments is fraught with difficulties.
I stand by my original report. This is a bug. Not a serious show-stopper
by any stretch, but a bug, nonetheless.
>
When I find the time and motivation, I may try my hand at fixing it
myself. I'll report back with patches if I do.
As the author of cygport, I'll advise you that your time will be much
better spent getting used to not using spaces in file and directory
names rather than pretending to "fix" a case that will never be
guaranteed to work.
This isn't acceptable as a generic statement.
If you're unwilling to fix the cygport parts of the bug, that's fine, but
claiming that fixing it were generally not worthwhile amounts to blessing
insecure programming practices.
If shell scripts, including cygport, cannot be bothered to quote variables
properly, worse things can happen than just blanks, think for instance
glob special characters or semicolons. This routinely raises SECURITY
ISSUES unless you're using 100% trusted data, IOW, scripts that fail on
blanks in path names, will do worse things under attack. And now consider
how many people are actually using Cygwin on systems where running with
Administrator privileges is commonplace (XP...)
And I've made other packages work in directories that contain blanks, for
instance bogofilter including test suite. It was some work to revisit all
of the scripts, but not a major undertaking.
Of course fixing cygport won't assure its user that the package itself is
safe in paths with blanks, but at least then you can say that you've done
your part and the fix is SOEP (someone else's problem).
That other parts might fail is NOT AN excuse to not do your own job in a
way that breaks other people's expectations.
I'd seriously ask you to reconsider.
--
Matthias Andree
--
Problem reports: http://cygwin.com/problems.html
FAQ: http://cygwin.com/faq/
Documentation: http://cygwin.com/docs.html
Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple
