[mythtv-commits] Ticket #10680: MythSystem doesn't split command line strings internally (was: MythSystem doesn't escape shell arguments)
MythTV
noreply at mythtv.org
Wed May 2 05:56:59 UTC 2012
#10680: MythSystem doesn't split command line strings internally
---------------------------------+-----------------------------
Reporter: github@… | Owner: wagnerrp
Type: Developer Task | Status: accepted
Priority: minor | Milestone: unknown
Component: MythTV - MythSystem | Version: Master Head
Severity: medium | Resolution:
Keywords: | Ticket locked: 0
---------------------------------+-----------------------------
Changes (by wagnerrp):
* status: new => accepted
* component: MythTV - General => MythTV - MythSystem
* owner: => wagnerrp
* type: Bug Report - General => Developer Task
Old description:
> The !MythSystem utility doesn't escape shell metacharacters in arguments.
> That means that if an argument has a space in it, the command will fail.
> Worse, if an argument has a pipe in it, then an external program will
> inadvertently be executed.
>
> Everyone using !MythSystem seems to be doing their own (broken) escaping.
> See, for example, 50f91450b3136cc5d0e832946d6b161ff640fcfb.
>
> I tried to correct the broken escaping mechanisms I could find, (see
> https://github.com/MythTV/mythtv/pull/18). The request was denied, (see
> issue #10677), on the grounds that !MythSystem should manage the
> escaping.
>
> So it seems that !MythSystem ought to escape shell arguments, at least in
> the case where the arguments are supplied as a QStringList. If that's not
> possible soon, then IMHO issue #10677 ought to be reopened. I filed this
> ticket so that either course would be possible.
New description:
The rewritten MythSystem class allows arguments to be passed in as list,
which in turn allows MythSystem to run external applications directly
using an execv() system call. If the old style of using myth_system() is
called instead, MythSystem leaves processing of the command string up to
the local system shell, leaving the possibility of misinterpretation. Add
an internal mechanism to handle splitting up those command strings into
argument lists such that that can be run directly as well, bypassing any
potential issues caused by improper shell escaping.
--
--
Ticket URL: <http://code.mythtv.org/trac/ticket/10680#comment:1>
MythTV <http://code.mythtv.org/trac>
MythTV Media Center
More information about the mythtv-commits
mailing list