From 1110201eddb377e0b900f6f9f8de93fcddfde1a3 Mon Sep 17 00:00:00 2001
From: Jonas Smedegaard <dr@jones.dk>
Date: Sat, 9 Mar 2013 17:21:43 +0100
Subject: Preserve (instead of collapse) arguments in su_monkeysphere_user().

It is a healthy coding practice to keep each argument separate when
executing system calls, i.e. quote each variable separately instead of
relying on whitespace to indicate argument separation.

Quoting shell-inside-shell is tricky to do right, but not impossible:

Bourne-derived shells treat single-quoting literally, which means that
shell command arguments (i.e. an array of strings) should be safe to
serialize (dual-quote) using these simple rules:

 a) each single-quote inside each string is escaped as '\''
 b) each string is surrounded by single-quotes

This patch applies the above single-quote serialization for
su_monkeysphere_user().

This appears to break for commands that start with variable
assignment, like:

  PAGER=cat git diff

So as long as we do not use that form, su_monkeysphere_user() should
not treat its variables any worse than previous non-quoting.
---
 src/share/common | 8 ++++++--
 1 file changed, 6 insertions(+), 2 deletions(-)

(limited to 'src')

diff --git a/src/share/common b/src/share/common
index 508b064..78fb04e 100755
--- a/src/share/common
+++ b/src/share/common
@@ -101,15 +101,19 @@ su_monkeysphere_user() {
     # introduce an extra dependency just for this.  This may be a
     # candidate for re-factoring if we switch implementation languages.
 
+    # singlequote-escape strings - like this bashism:
+    #   printf -v CMDLINE "%q " "$@"
+    local CMDLINE="$(perl -0 -e "foreach (@ARGV) {s/'/'\\\\''/g; print \"'\$_' \"}" "$@")"
+
     case $(id -un) in
 	# if monkeysphere user, run the command under bash
 	"$MONKEYSPHERE_USER")
-	    bash -c "$*"
+	    bash -c "$CMDLINE"
 	    ;;
 
          # if root, su command as monkeysphere user
 	'root')
-	    su "$MONKEYSPHERE_USER" -c "$*"
+	    su "$MONKEYSPHERE_USER" -c "$CMDLINE"
 	    ;;
 
 	# otherwise, fail
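Review bot: The added `local CMDLINE="$(perl ...)"` line discards perl's exit status, because the shell only sees the status of `local`. If perl is missing or fails, CMDLINE is empty, and both `bash -c "$CMDLINE"` and `su "$MONKEYSPHERE_USER" -c "$CMDLINE"` run an empty command and report success without executing anything. Declare `local CMDLINE` on its own line, assign on the next, and return non-zero when the assignment fails. The `-0` switch looks unnecessary, since the one-liner reads no input. The new code comment should also record the limitation stated in the commit message: a leading variable assignment such as `PAGER=cat git diff` stops working once every word is quoted, and callers will not find that out from the function itself.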
-- 
cgit v1.2.3
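
The two serialization rules from the commit message, as an added POSIX shell example that is not part of the commit or of monkeysphere (the patch itself does the escaping with perl). The function names sq_escape, sq_serialize, show_args and assignment_prefix_status are hypothetical; the last one reproduces the variable-assignment limitation the message mentions.

```shell
#!/bin/sh
# Added illustration, not monkeysphere code; all function names are hypothetical.

# Print one string wrapped in single quotes, with every embedded
# single-quote rewritten as '\'' (close quote, escaped quote, reopen).
sq_escape() {
    s=$1
    q="'"
    out=
    while :; do
        case $s in
            *"$q"*)
                pre=${s%%"$q"*}        # text before the first quote
                s=${s#*"$q"}           # text after it
                out=$out$pre$q\\$q$q   # append pre followed by '\''
                ;;
            *) break ;;
        esac
    done
    printf '%s' "$q$out$s$q"
}

# Serialize an argument list into one string that a Bourne-derived
# shell parses back into exactly the same arguments.
sq_serialize() {
    line=
    for arg in "$@"; do
        line="$line$(sq_escape "$arg") "
    done
    printf '%s' "${line% }"
}

# Round trip through an inner shell: each argument it receives is
# printed in brackets, so collapsing or expansion would be visible.
show_args() {
    sh -c "printf '[%s]' $(sq_serialize "$@")"
}

# The limitation from the commit message: a leading VAR=value word is
# quoted too, so the inner shell looks for a command with that name.
assignment_prefix_status() {
    status=0
    sh -c "$(sq_serialize PAGER=cat true)" 2>/dev/null || status=$?
    echo "$status"
}

sq_serialize git commit -m "it's done"; echo
```
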