[Ecls-list] SI:SYSTEM vs. quoting and maliciously chosen values of $HOME

Juan Jose Garcia-Ripoll juanjose.garciaripoll at googlemail.com
Mon Apr 5 19:39:51 UTC 2010

On Mon, Apr 5, 2010 at 7:28 PM, Samium Gromoff
<_deepfire at feelingofgreen.ru> wrote:

> It actually boiled down to specific invocations of 'ar' and 'ranlib' not
> having properly quoted arguments.  The all-over-the-board quoting I
> originally proposed now indeed sounds to me as stupid.

Thanks for tracking down the cause of this problem. I tried to "quote" all
commands that the compiler uses -- seems I forgot the ones related to
libraries --, because this is also the appropriate way for replacing
ext:system with ext:run-program.

> The patch fixing the said lack of quoting is in feelingofgreen's
> repository.

It is good to see that the repo is working. I will also try to download your
test framework if I find time.


Instituto de Física Fundamental, CSIC
c/ Serrano, 113b, Madrid 28006 (Spain)
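
The quoting problem discussed in this thread, as an added example that is not part of the original message or of ECL's code: it compares an archive path pasted unquoted into a command line that a shell re-parses, the same path quoted first, and an argv-style call where no shell is involved. The function names, the `rc` and `foo.o` arguments and the sample path are assumptions made for illustration.

```shell
#!/bin/sh
# Constructed demo: no real 'ar' or 'ranlib' is run. system_argc models a
# system()-style call, where the whole command line is re-parsed by sh -c.

# Quote one value for POSIX sh: wrap in '...' and rewrite each ' as '\''.
sh_quote() {
    printf "'%s'" "$(printf '%s' "$1" | sed "s/'/'\\\\''/g")"
}

# $1 = argument text pasted after the command name; prints how many
# arguments the command would receive once the shell has parsed the line.
system_argc() {
    sh -c "set -- $1; echo \$#"
}

# Archive path pasted in as-is (the bug) and quoted first (the fix).
unquoted_argc() { system_argc "rc $1 foo.o"; }
quoted_argc()   { system_argc "rc $(sh_quote "$1") foo.o"; }

# argv-style call: arguments are passed as a list, so no shell parses them.
argv_argc() { set -- rc "$1" foo.o; echo "$#"; }

# What the command actually sees as the archive path after quoting.
quoted_roundtrip() { sh -c "printf %s $(sh_quote "$1")"; }

lib='/tmp/home dir/libfoo.a'   # constructed path containing a space
echo "unquoted: $(unquoted_argc "$lib") args"
echo "quoted:   $(quoted_argc "$lib") args"
echo "argv:     $(argv_argc "$lib") args"
```

The unquoted form hands the archiver one argument too many because the space splits the path; the quoted and argv-style forms both deliver it as a single argument.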