From 45ad89b6cddbcb3c112f1c2cdfd4361bc7fdced3 Mon Sep 17 00:00:00 2001 From: Jonas Smedegaard Date: Sat, 9 Feb 2013 19:54:08 +0100 Subject: Dual-quote arguments passed to su_monkeysphere_user() when possible. It is a healthy coding practice to keep each argument separate when executing system calls, i.e. quote each variable separately instead of relying on whitespace to indicate argument separation. Quoting shell-inside-shell is tricky to do right, and gets trickier when the wrapper demands unusually complex quoting. su_monkeysphere_user() expands arguments using "$*" which (unlike "$@") collapses all arguments into a single string, and therefore require "risky" arguments (e.g. ones containing variables that may contain space or other unusual characters) to be dual-quoted for them to not wreak havoc at the inside shell. This patch improves arguments passed to su_monkeysphere_user() by first single-quoting and then double-quoting arguments containing variables. NB! Dynamic arguments are only double-quoted ( "$@" ) which looks safe but effectively is a noop (quoting is lost at wrapper!). --- src/share/mh/add_revoker | 10 +++++----- src/share/mh/publish_key | 2 +- 2 files changed, 6 insertions(+), 6 deletions(-) (limited to 'src/share/mh') diff --git a/src/share/mh/add_revoker b/src/share/mh/add_revoker index 4647372..bfc7a04 100644 --- a/src/share/mh/add_revoker +++ b/src/share/mh/add_revoker @@ -52,7 +52,7 @@ if [ -f "$revokerKeyID" -o "$revokerKeyID" = '-' ] ; then # check the key is ok as monkeysphere user before loading log debug "checking keys in file..." fingerprint=$(su_monkeysphere_user \ - . "${SYSSHAREDIR}/list_primary_fingerprints" < "$revokerKeyID") + . "'${SYSSHAREDIR}/list_primary_fingerprints'" < "$revokerKeyID") if [ $(printf "%s" "$fingerprint" | egrep -c '^[A-F0-9]{40}$') -ne 1 ] ; then failure "There was not exactly one gpg key in the file." @@ -71,12 +71,12 @@ else # download the key from the keyserver as the monkeysphere user log verbose "searching keyserver $KEYSERVER for revoker keyID $revokerKeyID..." - su_monkeysphere_user "GNUPGHOME=$tmpDir" gpg --quiet --keyserver "$KEYSERVER" --recv-key "0x${revokerKeyID}!" \ + su_monkeysphere_user "'GNUPGHOME=$tmpDir'" gpg --quiet --keyserver "'$KEYSERVER'" --recv-key "'0x${revokerKeyID}!'" \ || failure "Could not receive a key with this ID from keyserver '$KEYSERVER'." # get the full fingerprint of new revoker key log debug "getting fingerprint of revoker key..." - fingerprint=$(su_monkeysphere_user "GNUPGHOME=$tmpDir" gpg --list-key --with-colons --with-fingerprint "${revokerKeyID}" \ + fingerprint=$(su_monkeysphere_user "'GNUPGHOME=$tmpDir'" gpg --list-key --with-colons --with-fingerprint "'${revokerKeyID}'" \ | grep '^fpr:' | cut -d: -f10) # test that there is only a single fingerprint @@ -90,7 +90,7 @@ EOF fi log info "revoker key found:" - su_monkeysphere_user "GNUPGHOME=$tmpDir" gpg --fingerprint "0x${fingerprint}!" + su_monkeysphere_user "'GNUPGHOME=$tmpDir'" gpg --fingerprint "'0x${fingerprint}!'" if [ "$PROMPT" = "true" ] ; then printf "Are you sure you want to add the above key as a revoker\nof the key '$keyID'? (Y/n) " >&2 @@ -104,7 +104,7 @@ EOF # export the new key to the host keyring log debug "loading revoker key into host keyring..." - su_monkeysphere_user "GNUPGHOME=$tmpDir" gpg --quiet --export "0x${fingerprint}!" \ + su_monkeysphere_user "'GNUPGHOME=$tmpDir'" gpg --quiet --export "'0x${fingerprint}!'" \ | gpg_host --import fi diff --git a/src/share/mh/publish_key b/src/share/mh/publish_key index 9c41bc2..9fb2e72 100644 --- a/src/share/mh/publish_key +++ b/src/share/mh/publish_key @@ -53,7 +53,7 @@ done # publish key log debug "publishing key with the following gpg command line and options:" su_monkeysphere_user \ - gpg --keyserver "$KEYSERVER" ${ANCHORFILE:+--keyserver-options "ca-cert-file=$ANCHORFILE"} --send-keys "0x${keyID}!" + gpg --keyserver "'$KEYSERVER'" ${ANCHORFILE:+--keyserver-options "'ca-cert-file=$ANCHORFILE'"} --send-keys "'0x${keyID}!'" # remove the tmp file trap - EXIT -- cgit v1.2.3