This is the mail archive of the cygwin mailing list for the Cygwin project.


Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]
Other format: [Raw text]

Re: Bug: cygport fails when the working directory pathname contains spaces


Am 27.01.2010, 09:13 Uhr, schrieb Yaakov (Cygwin/X) <yselkowitz@users.sourceforge.net>:

On 26/01/2010 23:38, Steven Monai wrote:
Imagine if a program like 'cp' failed because the current working
directory has a pathname that contains spaces. You'd probably agree with
me that 'cp' had a rather serious flaw, wouldn't you?

cygport is not 'cp'. cygport is a shell script, as are configure scripts, the autoconf-generated kind being the most common build system out there. Shell scripts usually use spaces for IFS. Hence distinguishing between a space in a file name/path and whitespace between arguments is fraught with difficulties.


I stand by my original report. This is a bug. Not a serious show-stopper
by any stretch, but a bug, nonetheless.
>
When I find the time and motivation, I may try my hand at fixing it
myself. I'll report back with patches if I do.

As the author of cygport, I'll advise you that your time will be much better spent getting used to not using spaces in file and directory names rather than pretending to "fix" a case that will never be guaranteed to work.

This isn't acceptable as a generic statement.


If you're unwilling to fix the cygport parts of the bug, that's fine, but claiming that fixing it were generally not worthwhile amounts to blessing insecure programming practices.

If shell scripts, including cygport, cannot be bothered to quote variables properly, worse things can happen than just blanks, think for instance glob special characters or semicolons. This routinely raises SECURITY ISSUES unless you're using 100% trusted data, IOW, scripts that fail on blanks in path names, will do worse things under attack. And now consider how many people are actually using Cygwin on systems where running with Administrator privileges is commonplace (XP...)

And I've made other packages work in directories that contain blanks, for instance bogofilter including test suite. It was some work to revisit all of the scripts, but not a major undertaking.

Of course fixing cygport won't assure its user that the package itself is safe in paths with blanks, but at least then you can say that you've done your part and the fix is SOEP (someone else's problem).

That other parts might fail is NOT AN excuse to not do your own job in a way that breaks other people's expectations.

I'd seriously ask you to reconsider.

--
Matthias Andree

--
Problem reports:       http://cygwin.com/problems.html
FAQ:                   http://cygwin.com/faq/
Documentation:         http://cygwin.com/docs.html
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple


Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]