[Ecls-list] SI:SYSTEM vs. quoting and maliciously chosen values of $HOME

[Samium Gromoff]

On Mon, 05 Apr 2010 19:19:09 +0400, Samium Gromoff <_deepfire at feelingofgreen.ru> wrote:
> When one has a somewhat unconvenient choice of $HOME on win32, coupled
> with the mingw shell, which interprets certain characters in an
> unconvenient way, certain unconvenient behaviors begin to surface:
> 
> ;;; Note:
> ;;;   Invoking external command:
> ;;;   ar cr C:/D&S/Fooish Bar/Local Settings/Temporary Internet Files/common-lisp/usr/src/mcoredb/li
> bmcoredb-imodel3.a C:/TEMP/ECL201.o C:/D&S/Fooish Bar/Local Settings/Temporary Internet Files/common-
> lisp/usr/src/mcoredb/apps/imodel3.o
> ;;; "S" is not recognized as an internal or external command, operable program or batch file.
> "S" is not recognized as an internal or external command, operable program or batch file.
> 
> This, essentially, implies that we need to do escaping within
> COMPILER:SAFE-SYSTEM, at least on mingw, and at least with regard
> to the #\& character.

It actually boiled down to specific invocations of 'ar' and 'ranlib' not
having properly quoted arguments.  The all-over-the-board quoting I
originally proposed now indeed sounds to me as stupid.

The patch fixing the said lack of quoting is in feelingofgreen's
repository.

-- 
regards,
  Samium Gromoff
--
"Actually I made up the term 'object-oriented', and I can tell you I
did not have C++ in mind." - Alan Kay (OOPSLA 1997 Keynote)