On Sun, Jul 05, 2009 at 03:50:02PM -0600, Eric Blake wrote:
>-----BEGIN PGP SIGNED MESSAGE-----
>Hash: SHA1
>
>According to Ian Kelling on 7/5/2009 12:06 PM:
>> In the ssh package there is a bug in /usr/bin/ssh-host-config where if
>> you select a valid password spaces or punctuation that bash knows of, it
>> will fail and you could possibly shoot yourself in the foot due to
>> evaling your password. I don't know who is responsible, or what mailing
>> list to post on, but here is a patch.
>
>This is the right list.
>
>> - cygwin_env="-e CYGWIN=\"${csih_cygenv}\""
>> + cygwin_env=( -e "CYGWIN=${csih_cygenv}" )
>
>I don't see why you need an array variable.
>
>> fi
>> if [ -z "${password}" ]
>> then
>> - if eval cygrunsrv -I sshd -d \"CYGWIN sshd\" -p /usr/sbin/sshd \
>> - -a "-D" -y tcpip ${cygwin_env}
>> + if cygrunsrv -I sshd -d "CYGWIN sshd" -p /usr/sbin/sshd \
>> + -a "-D" -y tcpip "${cygwin_e...@]}"
>
>The eval is still reasonable, but with proper quoting:
>
>if eval cygrunsrv ... -y tcpip "${cygwin_env}"
How is eval better than an array environment variable? The above use of
"${cygwin_e...@]}" seems to do exactly what you'd want without worrying
about the additional gotchas from an eval.
cgf
--
Problem reports: http://cygwin.com/problems.html
FAQ: http://cygwin.com/faq/
Documentation: http://cygwin.com/docs.html
Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple
