summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorJonas Smedegaard <dr@jones.dk>2013-03-08 19:29:38 +0100
committerDaniel Kahn Gillmor <dkg@fifthhorseman.net>2013-03-13 02:13:38 -0400
commit0c081207c94b0ed338a704fafac10166ce98bba7 (patch)
treeef791d7ea68fd6a51074156bbac97d9c6b5a398a
parented10318d3760b56e57d5e1bef04ab57761ab8bd1 (diff)
Pass only single commands through su wrapper
It is a healthy coding practice to keep each argument separate when executing system calls, i.e. quote each variable separately instead of relying on whitespace to indicate argument separation. Quoting shell-inside-shell is tricky to do right, and gets trickier when more than a single command is wrapped together. This patch simplifies convoluted shell calls to contain only one command each. Example: before: bash -c ". .../common; process_authorized_user_ids -" after: bash -c ".../common process_authorized_user_ids -"
-rw-r--r--src/share/ma/add_certifier2
-rw-r--r--src/share/ma/update_users2
-rw-r--r--src/share/mh/add_revoker2
3 files changed, 3 insertions, 3 deletions
diff --git a/src/share/ma/add_certifier b/src/share/ma/add_certifier
index 3ce5000..86c2fd4 100644
--- a/src/share/ma/add_certifier
+++ b/src/share/ma/add_certifier
@@ -101,7 +101,7 @@ if [ -f "$keyID" -o "$keyID" = '-' ] ; then
# check the key is ok as monkeysphere user before loading
log debug "checking keys in file..."
fingerprint=$(su_monkeysphere_user \
- ". ${SYSSHAREDIR}/common; list_primary_fingerprints" < "$keyID")
+ "${SYSSHAREDIR}/common list_primary_fingerprints" < "$keyID")
if [ $(printf "%s" "$fingerprint" | egrep -c '^[A-F0-9]{40}$') -ne 1 ] ; then
failure "There was not exactly one gpg key in the file."
diff --git a/src/share/ma/update_users b/src/share/ma/update_users
index a70d000..85813cd 100644
--- a/src/share/ma/update_users
+++ b/src/share/ma/update_users
@@ -79,7 +79,7 @@ for uname in $unames ; do
# process authorized_user_ids file, as monkeysphere user
su_monkeysphere_user \
- ". ${SYSSHAREDIR}/common; STRICT_MODES='$STRICT_MODES' process_authorized_user_ids -" \
+ "/usr/bin/env STRICT_MODES='$STRICT_MODES' ${SYSSHAREDIR}/common process_authorized_user_ids -" \
< "$authorizedUserIDs" \
> "$tmpAuthorizedKeys"
diff --git a/src/share/mh/add_revoker b/src/share/mh/add_revoker
index 41cf090..5a2032c 100644
--- a/src/share/mh/add_revoker
+++ b/src/share/mh/add_revoker
@@ -52,7 +52,7 @@ if [ -f "$revokerKeyID" -o "$revokerKeyID" = '-' ] ; then
# check the key is ok as monkeysphere user before loading
log debug "checking keys in file..."
fingerprint=$(su_monkeysphere_user \
- ". ${SYSSHAREDIR}/common; list_primary_fingerprints" < "$revokerKeyID")
+ "${SYSSHAREDIR}/common list_primary_fingerprints" < "$revokerKeyID")
if [ $(printf "%s" "$fingerprint" | egrep -c '^[A-F0-9]{40}$') -ne 1 ] ; then
failure "There was not exactly one gpg key in the file."