diff options
author | Jonas Smedegaard <dr@jones.dk> | 2013-03-08 19:29:38 +0100 |
---|---|---|
committer | Daniel Kahn Gillmor <dkg@fifthhorseman.net> | 2013-03-13 02:13:38 -0400 |
commit | 0c081207c94b0ed338a704fafac10166ce98bba7 (patch) | |
tree | ef791d7ea68fd6a51074156bbac97d9c6b5a398a /src | |
parent | ed10318d3760b56e57d5e1bef04ab57761ab8bd1 (diff) |
Pass only single commands through su wrapper
It is a healthy coding practice to keep each argument separate when
executing system calls, i.e. quote each variable separately instead of
relying on whitespace to indicate argument separation.
Quoting shell-inside-shell is tricky to do right, and gets trickier when
more than a single command is wrapped together.
This patch simplifies convoluted shell calls to contain only one command
each.
Example:
before: bash -c ". .../common; process_authorized_user_ids -"
after: bash -c ".../common process_authorized_user_ids -"
Diffstat (limited to 'src')
-rw-r--r-- | src/share/ma/add_certifier | 2 | ||||
-rw-r--r-- | src/share/ma/update_users | 2 | ||||
-rw-r--r-- | src/share/mh/add_revoker | 2 |
3 files changed, 3 insertions, 3 deletions
diff --git a/src/share/ma/add_certifier b/src/share/ma/add_certifier index 3ce5000..86c2fd4 100644 --- a/src/share/ma/add_certifier +++ b/src/share/ma/add_certifier @@ -101,7 +101,7 @@ if [ -f "$keyID" -o "$keyID" = '-' ] ; then # check the key is ok as monkeysphere user before loading log debug "checking keys in file..." fingerprint=$(su_monkeysphere_user \ - ". ${SYSSHAREDIR}/common; list_primary_fingerprints" < "$keyID") + "${SYSSHAREDIR}/common list_primary_fingerprints" < "$keyID") if [ $(printf "%s" "$fingerprint" | egrep -c '^[A-F0-9]{40}$') -ne 1 ] ; then failure "There was not exactly one gpg key in the file." diff --git a/src/share/ma/update_users b/src/share/ma/update_users index a70d000..85813cd 100644 --- a/src/share/ma/update_users +++ b/src/share/ma/update_users @@ -79,7 +79,7 @@ for uname in $unames ; do # process authorized_user_ids file, as monkeysphere user su_monkeysphere_user \ - ". ${SYSSHAREDIR}/common; STRICT_MODES='$STRICT_MODES' process_authorized_user_ids -" \ + "/usr/bin/env STRICT_MODES='$STRICT_MODES' ${SYSSHAREDIR}/common process_authorized_user_ids -" \ < "$authorizedUserIDs" \ > "$tmpAuthorizedKeys" diff --git a/src/share/mh/add_revoker b/src/share/mh/add_revoker index 41cf090..5a2032c 100644 --- a/src/share/mh/add_revoker +++ b/src/share/mh/add_revoker @@ -52,7 +52,7 @@ if [ -f "$revokerKeyID" -o "$revokerKeyID" = '-' ] ; then # check the key is ok as monkeysphere user before loading log debug "checking keys in file..." fingerprint=$(su_monkeysphere_user \ - ". ${SYSSHAREDIR}/common; list_primary_fingerprints" < "$revokerKeyID") + "${SYSSHAREDIR}/common list_primary_fingerprints" < "$revokerKeyID") if [ $(printf "%s" "$fingerprint" | egrep -c '^[A-F0-9]{40}$') -ne 1 ] ; then failure "There was not exactly one gpg key in the file." |