[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [E-devel] Ecore_exe and shell metacharachters

On Wed, 05 Apr 2006 12:24:37 -0400 Mike Russo <miker@readq.com> wrote:

> Ecore_exe will try to avoid using "sh -c" to execute a program if it 
> can.  If the command line contains shell meta characters (defined as
> any combination of |&;<>$'\"'*?#) it will use the user's shell to
> execute the command, otherwise it will execute it directly.
> Unfortunately this causes a problem if the user's shell is csh/tcsh
> and the command line contains a ? character. I noticed this problem
> because dEvian's RSS face uses ecore_exe in order to launch a web
> browser with the URL as the command line argument, and if the URL
> contains a ? ecore_exe will try to use tcsh to execute it, and this
> will only work if the ? is escaped with a \.  Not even including the
> command line between single quotes

I've thought about this for a bit, and experimented with csh
(I've never used it before).

ecore_exe has no idea what the intention of the person that built the
command line is.  Do we escape all meta chars or not?  If the meta
characters are actually in there as actual shell meta characters to be
passed to a shell, then we just broke something.  Do we try to detect
what shell is in use to escape the meta characters properly?  Too many
shells to deal with.

I suspect that the best solution is to have the person constructing the
command line worry about escaping shell meta characters, as they know
what they want the command line to do.  This makes it a dEvian problem.

On the other hand, I can see that allowing programs to ask ecore_exe
to use /bin/sh instead of whatever shell the user prefers to use would
be a good idea.  Maybe even letting programs choose the shell to use,
and leave it up to them to detect if the shell exists.  If the program
asks ecore_exe to use a shell that doesn't exist, then the same thing
will happen that would normally happen when trying to ecore_exe any
program that doesn't exist.

Attachment: signature.asc
Description: PGP signature