Mail Archives: cygwin/2010/01/27/03:36:50

To: "Yaakov (Cygwin/X)" <yselkowitz AT users DOT sourceforge DOT net>, cygwin AT cygwin DOT com
Subject: Re: Bug: cygport fails when the working directory pathname contains spaces
References: <4B5FA03C DOT 8020504 AT monai DOT ca> <4B5FC41E DOT 6090301 AT users DOT sourceforge DOT net> <4B5FD16E DOT 4060107 AT monai DOT ca> <4B5FF5AE DOT 3050904 AT users DOT sourceforge DOT net>
Date: Wed, 27 Jan 2010 09:36:29 +0100
MIME-Version: 1.0
From: "Matthias Andree" <matthias DOT andree AT gmx DOT de>
Message-ID: <op.u66ni3hb1e62zd@merlin.emma.line.org>
In-Reply-To: <4B5FF5AE.3050904@users.sourceforge.net>
User-Agent: Opera Mail/10.10 (Linux)

On 27.01.2010, 09:13, Yaakov (Cygwin/X)
<yselkowitz AT users DOT sourceforge DOT net> wrote:

> On 26/01/2010 23:38, Steven Monai wrote:
>> Imagine if a program like 'cp' failed because the current working
>> directory has a pathname that contains spaces. You'd probably agree with
>> me that 'cp' had a rather serious flaw, wouldn't you?
>
> cygport is not 'cp'.  cygport is a shell script, as are configure  
> scripts, the autoconf-generated kind being the most common build system  
> out there.  Shell scripts usually use spaces for IFS.  Hence  
> distinguishing between a space in a file name/path and whitespace  
> between arguments is fraught with difficulties.
>
>> I stand by my original report. This is a bug. Not a serious show-stopper
>> by any stretch, but a bug, nonetheless.
>>
>> When I find the time and motivation, I may try my hand at fixing it
>> myself. I'll report back with patches if I do.
>
> As the author of cygport, I'll advise you that your time will be much  
> better spent getting used to not using spaces in file and directory  
> names rather than pretending to "fix" a case that will never be  
> guaranteed to work.

This isn't acceptable as a generic statement.

If you're unwilling to fix the cygport parts of the bug, that's fine, but
claiming that fixing it is generally not worthwhile amounts to blessing
insecure programming practices.

If shell scripts, including cygport, cannot be bothered to quote variables
properly, worse things can happen than just blanks; think for instance of
glob special characters or semicolons.  This routinely raises SECURITY
ISSUES unless you're using 100% trusted data. IOW, scripts that fail on
blanks in path names will do worse things under attack.  And now consider
how many people are actually using Cygwin on systems where running with
Administrator privileges is commonplace (XP...).

And I've made other packages work in directories that contain blanks, for  
instance bogofilter including test suite. It was some work to revisit all  
of the scripts, but not a major undertaking.

Of course fixing cygport won't assure its user that the package itself is  
safe in paths with blanks, but at least then you can say that you've done  
your part and the fix is SOEP (someone else's problem).

That other parts might fail is NOT AN excuse to not do your own job in a  
way that breaks other people's expectations.

I'd seriously ask you to reconsider.

-- 
Matthias Andree
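
The quoting failure discussed in the message above, as an added example that is not part of the original post and is not cygport code: a POSIX sh sketch of how one unquoted path variable holding blanks and a glob character changes what a command receives, and what a cleanup step then deletes. All directory, file and function names are constructed for illustration.

```shell
#!/bin/sh
# Added example; every name below is constructed, none comes from cygport.

# Scratch tree: a build directory whose name holds blanks and a glob
# character, next to two unrelated files.
make_tree() {
    base=$(mktemp -d) || return 1
    mkdir "$base/my build *" || return 1
    : > "$base/keep1"
    : > "$base/keep2"
    echo "$base"
}

count_args() { echo "$#"; }

# How many arguments does a command see for one path variable?
# $2 selects the expansion style: "unquoted" or "quoted".
arg_count() (
    cd "${1:?tree path required}" || exit 1
    dir="my build *"
    if [ "$2" = unquoted ]; then
        count_args $dir      # split on IFS, then "*" is pathname-expanded
    else
        count_args "$dir"    # one argument, byte for byte
    fi
)

# A cleanup step as a build script might run it; prints how many
# entries are left in the tree afterwards.
cleanup() (
    cd "${1:?tree path required}" || exit 1
    dir="my build *"
    if [ "$2" = unquoted ]; then
        rm -rf $dir          # removes everything "*" matches
    else
        rm -rf -- "$dir"     # removes only the build directory
    fi
    ls -A | wc -l | tr -d ' '
)

t=$(make_tree) || exit 1
echo "unquoted args: $(arg_count "$t" unquoted)  quoted args: $(arg_count "$t" quoted)"
echo "left after quoted cleanup:   $(cleanup "$t" quoted)"
rm -rf -- "$t"; t=$(make_tree) || exit 1
echo "left after unquoted cleanup: $(cleanup "$t" unquoted)"
rm -rf -- "$t"
```

The unquoted form hands the command five arguments instead of one, and the same expansion in the cleanup step removes the two unrelated files along with the build directory.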
