summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorJonas Smedegaard <dr@jones.dk>2013-02-09 19:54:08 +0100
committerJonas Smedegaard <dr@jones.dk>2013-03-09 05:46:00 +0100
commit45ad89b6cddbcb3c112f1c2cdfd4361bc7fdced3 (patch)
tree06d7e81a91f8a4cbb5e49dd9bb7f49ada9e9c6c1
parente02c127f8e2c5001cf90429a2ee3532d7a4e3c76 (diff)
Dual-quote arguments passed to su_monkeysphere_user() when possible.dualquote
It is a healthy coding practice to keep each argument separate when executing system calls, i.e. quote each variable separately instead of relying on whitespace to indicate argument separation. Quoting shell-inside-shell is tricky to do right, and gets trickier when the wrapper demands unusually complex quoting. su_monkeysphere_user() expands arguments using "$*" which (unlike "$@") collapses all arguments into a single string, and therefore require "risky" arguments (e.g. ones containing variables that may contain space or other unusual characters) to be dual-quoted for them to not wreak havoc at the inside shell. This patch improves arguments passed to su_monkeysphere_user() by first single-quoting and then double-quoting arguments containing variables. NB! Dynamic arguments are only double-quoted ( "$@" ) which looks safe but effectively is a noop (quoting is lost at wrapper!).
-rw-r--r--src/share/ma/add_certifier10
-rw-r--r--src/share/ma/remove_certifier2
-rw-r--r--src/share/ma/update_users2
-rw-r--r--src/share/mh/add_revoker10
-rw-r--r--src/share/mh/publish_key2
5 files changed, 13 insertions, 13 deletions
diff --git a/src/share/ma/add_certifier b/src/share/ma/add_certifier
index d456763..3acfd34 100644
--- a/src/share/ma/add_certifier
+++ b/src/share/ma/add_certifier
@@ -101,7 +101,7 @@ if [ -f "$keyID" -o "$keyID" = '-' ] ; then
# check the key is ok as monkeysphere user before loading
log debug "checking keys in file..."
fingerprint=$(su_monkeysphere_user \
- . "${SYSSHAREDIR}/list_primary_fingerprints" < "$keyID")
+ . "'${SYSSHAREDIR}/list_primary_fingerprints'" < "$keyID")
if [ $(printf "%s" "$fingerprint" | egrep -c '^[A-F0-9]{40}$') -ne 1 ] ; then
failure "There was not exactly one gpg key in the file."
@@ -114,12 +114,12 @@ if [ -f "$keyID" -o "$keyID" = '-' ] ; then
# else, get the key from the keyserver
else
log verbose "searching keyserver $KEYSERVER for keyID $keyID..."
- gpg_sphere --keyserver "$KEYSERVER" --recv-key "0x${keyID}!" \
+ gpg_sphere --keyserver "'$KEYSERVER'" --recv-key "'0x${keyID}!'" \
|| failure "Could not receive a key with this ID from the '$KEYSERVER' keyserver."
# get the full fingerprint of new certifier key
log debug "getting fingerprint of certifier key..."
- fingerprint=$(gpg_sphere --list-key --with-colons --with-fingerprint "0x${keyID}!" \
+ fingerprint=$(gpg_sphere --list-key --with-colons --with-fingerprint "'0x${keyID}!'" \
| grep '^fpr:' | cut -d: -f10)
# test that there is only a single fingerprint
@@ -133,7 +133,7 @@ EOF
fi
log info "key found:"
- gpg_sphere --fingerprint "0x${fingerprint}!"
+ gpg_sphere --fingerprint "'0x${fingerprint}!'"
if [ "$PROMPT" != "false" ] ; then
printf "Are you sure you want to add the above key as a certifier\nof users on this system? (Y/n) " >&2
@@ -149,7 +149,7 @@ fi
# export the key to the core keyring so that the core can sign the
# new certifier key
log debug "loading key into core keyring..."
-gpg_sphere --export "0x${fingerprint}!" | gpg_core --import
+gpg_sphere --export "'0x${fingerprint}!'" | gpg_core --import
# edit-key script to ltsign key
# NOTE: *all* user IDs will be ltsigned
diff --git a/src/share/ma/remove_certifier b/src/share/ma/remove_certifier
index 9f5be25..6ec9a2d 100644
--- a/src/share/ma/remove_certifier
+++ b/src/share/ma/remove_certifier
@@ -37,7 +37,7 @@ else
fi
# delete the requested key from the sphere keyring
-if gpg_sphere --delete-key --batch --yes "0x${keyID}!" ; then
+if gpg_sphere --delete-key --batch --yes "'0x${keyID}!'" ; then
# delete key from core keyring as well
gpg_core --delete-key --batch --yes "0x${keyID}!"
diff --git a/src/share/ma/update_users b/src/share/ma/update_users
index 991c302..09ca9cb 100644
--- a/src/share/ma/update_users
+++ b/src/share/ma/update_users
@@ -79,7 +79,7 @@ for uname in $unames ; do
# process authorized_user_ids file, as monkeysphere user
su_monkeysphere_user \
- . "${SYSSHAREDIR}/process_authorized_user_ids" "'$STRICT_MODES'" - \
+ . "'${SYSSHAREDIR}/process_authorized_user_ids'" "'$STRICT_MODES'" - \
< "$authorizedUserIDs" \
> "$tmpAuthorizedKeys"
diff --git a/src/share/mh/add_revoker b/src/share/mh/add_revoker
index 4647372..bfc7a04 100644
--- a/src/share/mh/add_revoker
+++ b/src/share/mh/add_revoker
@@ -52,7 +52,7 @@ if [ -f "$revokerKeyID" -o "$revokerKeyID" = '-' ] ; then
# check the key is ok as monkeysphere user before loading
log debug "checking keys in file..."
fingerprint=$(su_monkeysphere_user \
- . "${SYSSHAREDIR}/list_primary_fingerprints" < "$revokerKeyID")
+ . "'${SYSSHAREDIR}/list_primary_fingerprints'" < "$revokerKeyID")
if [ $(printf "%s" "$fingerprint" | egrep -c '^[A-F0-9]{40}$') -ne 1 ] ; then
failure "There was not exactly one gpg key in the file."
@@ -71,12 +71,12 @@ else
# download the key from the keyserver as the monkeysphere user
log verbose "searching keyserver $KEYSERVER for revoker keyID $revokerKeyID..."
- su_monkeysphere_user "GNUPGHOME=$tmpDir" gpg --quiet --keyserver "$KEYSERVER" --recv-key "0x${revokerKeyID}!" \
+ su_monkeysphere_user "'GNUPGHOME=$tmpDir'" gpg --quiet --keyserver "'$KEYSERVER'" --recv-key "'0x${revokerKeyID}!'" \
|| failure "Could not receive a key with this ID from keyserver '$KEYSERVER'."
# get the full fingerprint of new revoker key
log debug "getting fingerprint of revoker key..."
- fingerprint=$(su_monkeysphere_user "GNUPGHOME=$tmpDir" gpg --list-key --with-colons --with-fingerprint "${revokerKeyID}" \
+ fingerprint=$(su_monkeysphere_user "'GNUPGHOME=$tmpDir'" gpg --list-key --with-colons --with-fingerprint "'${revokerKeyID}'" \
| grep '^fpr:' | cut -d: -f10)
# test that there is only a single fingerprint
@@ -90,7 +90,7 @@ EOF
fi
log info "revoker key found:"
- su_monkeysphere_user "GNUPGHOME=$tmpDir" gpg --fingerprint "0x${fingerprint}!"
+ su_monkeysphere_user "'GNUPGHOME=$tmpDir'" gpg --fingerprint "'0x${fingerprint}!'"
if [ "$PROMPT" = "true" ] ; then
printf "Are you sure you want to add the above key as a revoker\nof the key '$keyID'? (Y/n) " >&2
@@ -104,7 +104,7 @@ EOF
# export the new key to the host keyring
log debug "loading revoker key into host keyring..."
- su_monkeysphere_user "GNUPGHOME=$tmpDir" gpg --quiet --export "0x${fingerprint}!" \
+ su_monkeysphere_user "'GNUPGHOME=$tmpDir'" gpg --quiet --export "'0x${fingerprint}!'" \
| gpg_host --import
fi
diff --git a/src/share/mh/publish_key b/src/share/mh/publish_key
index 9c41bc2..9fb2e72 100644
--- a/src/share/mh/publish_key
+++ b/src/share/mh/publish_key
@@ -53,7 +53,7 @@ done
# publish key
log debug "publishing key with the following gpg command line and options:"
su_monkeysphere_user \
- gpg --keyserver "$KEYSERVER" ${ANCHORFILE:+--keyserver-options "ca-cert-file=$ANCHORFILE"} --send-keys "0x${keyID}!"
+ gpg --keyserver "'$KEYSERVER'" ${ANCHORFILE:+--keyserver-options "'ca-cert-file=$ANCHORFILE'"} --send-keys "'0x${keyID}!'"
# remove the tmp file
trap - EXIT