| Age | Commit message (Collapse) | Author |
|---|
|
It is a healthy coding practice to keep each argument separate when
executing system calls, i.e. quote each variable separately instead of
relying on whitespace to indicate argument separation.
Quoting shell-inside-shell is tricky to do right, and gets trickier when
the wrapper demands unusually complex quoting.
su_monkeysphere_user() expands arguments using "$*" which (unlike "$@")
collapses all arguments into a single string, and therefore require
"risky" arguments (e.g. ones containing variables that may contain space
or other unusual characters) to be dual-quoted for them to not wreak
havoc at the inside shell.
This patch improves arguments passed to su_monkeysphere_user() by first
single-quoting and then double-quoting arguments containing variables.
NB! Dynamic arguments are only double-quoted ( "$@" ) which looks safe
but effectively is a noop (quoting is lost at wrapper!).
|
|
90166e0bb8e4ebc1c1174d9bc2021c604b7a1bd7
There were another calls to gpg_sphere that were packing everything
into a single argument. Since we fixed the need to do that, we fix
all these other calls that were fixed in the first round.
|
|
|
|
|
|
|
|
ultimate ownertrust
|
|
missing
|
|
|
|
for functions that prompt for confirmation. Also fix publish_key
function (NOT TESTED).
|
|
- fix left over bad invocations of gpg_sphere --list-keys
- add some more debug log output
|
|
fix some logging output
|
|
is so that the sphere does not have to read the core pubring to get
the certifier ltsigs, and we can therefore keep tighter permissions on
the core keyring files. updated some comments/documentation as well.
|
|
Makefile as well)
|
