diff options
author | Jonas Smedegaard <dr@jones.dk> | 2013-02-09 19:54:08 +0100 |
---|---|---|
committer | Jonas Smedegaard <dr@jones.dk> | 2013-03-09 05:46:00 +0100 |
commit | 45ad89b6cddbcb3c112f1c2cdfd4361bc7fdced3 (patch) | |
tree | 06d7e81a91f8a4cbb5e49dd9bb7f49ada9e9c6c1 /src/share/mh/publish_key | |
parent | e02c127f8e2c5001cf90429a2ee3532d7a4e3c76 (diff) |
Dual-quote arguments passed to su_monkeysphere_user() when possible.dualquote
It is a healthy coding practice to keep each argument separate when
executing system calls, i.e. quote each variable separately instead of
relying on whitespace to indicate argument separation.
Quoting shell-inside-shell is tricky to do right, and gets trickier when
the wrapper demands unusually complex quoting.
su_monkeysphere_user() expands arguments using "$*" which (unlike "$@")
collapses all arguments into a single string, and therefore require
"risky" arguments (e.g. ones containing variables that may contain space
or other unusual characters) to be dual-quoted for them to not wreak
havoc at the inside shell.
This patch improves arguments passed to su_monkeysphere_user() by first
single-quoting and then double-quoting arguments containing variables.
NB! Dynamic arguments are only double-quoted ( "$@" ) which looks safe
but effectively is a noop (quoting is lost at wrapper!).
Diffstat (limited to 'src/share/mh/publish_key')
-rw-r--r-- | src/share/mh/publish_key | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/src/share/mh/publish_key b/src/share/mh/publish_key index 9c41bc2..9fb2e72 100644 --- a/src/share/mh/publish_key +++ b/src/share/mh/publish_key @@ -53,7 +53,7 @@ done # publish key log debug "publishing key with the following gpg command line and options:" su_monkeysphere_user \ - gpg --keyserver "$KEYSERVER" ${ANCHORFILE:+--keyserver-options "ca-cert-file=$ANCHORFILE"} --send-keys "0x${keyID}!" + gpg --keyserver "'$KEYSERVER'" ${ANCHORFILE:+--keyserver-options "'ca-cert-file=$ANCHORFILE'"} --send-keys "'0x${keyID}!'" # remove the tmp file trap - EXIT |