X-Recipient: archive-cygwin AT delorie DOT com X-SWARE-Spam-Status: No, hits=-2.6 required=5.0 tests=BAYES_00,SPF_PASS X-Spam-Check-By: sourceware.org Content-Type: text/plain; charset=utf-8; format=flowed; delsp=yes To: "Yaakov (Cygwin/X)" , cygwin AT cygwin DOT com Subject: Re: Bug: cygport fails when the working directory pathname contains spaces References: <4B5FA03C DOT 8020504 AT monai DOT ca> <4B5FC41E DOT 6090301 AT users DOT sourceforge DOT net> <4B5FD16E DOT 4060107 AT monai DOT ca> <4B5FF5AE DOT 3050904 AT users DOT sourceforge DOT net> Date: Wed, 27 Jan 2010 09:36:29 +0100 MIME-Version: 1.0 Content-Transfer-Encoding: 8bit From: "Matthias Andree" Message-ID: In-Reply-To: <4B5FF5AE.3050904@users.sourceforge.net> User-Agent: Opera Mail/10.10 (Linux) X-IsSubscribed: yes Mailing-List: contact cygwin-help AT cygwin DOT com; run by ezmlm Precedence: bulk List-Id: List-Unsubscribe: List-Subscribe: List-Archive: List-Post: List-Help: , Sender: cygwin-owner AT cygwin DOT com Mail-Followup-To: cygwin AT cygwin DOT com Delivered-To: mailing list cygwin AT cygwin DOT com Am 27.01.2010, 09:13 Uhr, schrieb Yaakov (Cygwin/X) : > On 26/01/2010 23:38, Steven Monai wrote: >> Imagine if a program like 'cp' failed because the current working >> directory has a pathname that contains spaces. You'd probably agree with >> me that 'cp' had a rather serious flaw, wouldn't you? > > cygport is not 'cp'. cygport is a shell script, as are configure > scripts, the autoconf-generated kind being the most common build system > out there. Shell scripts usually use spaces for IFS. Hence > distinguishing between a space in a file name/path and whitespace > between arguments is fraught with difficulties. > >> I stand by my original report. This is a bug. Not a serious show-stopper >> by any stretch, but a bug, nonetheless. > > >> When I find the time and motivation, I may try my hand at fixing it >> myself. I'll report back with patches if I do. > > As the author of cygport, I'll advise you that your time will be much > better spent getting used to not using spaces in file and directory > names rather than pretending to "fix" a case that will never be > guaranteed to work. This isn't acceptable as a generic statement. If you're unwilling to fix the cygport parts of the bug, that's fine, but claiming that fixing it were generally not worthwhile amounts to blessing insecure programming practices. If shell scripts, including cygport, cannot be bothered to quote variables properly, worse things can happen than just blanks, think for instance glob special characters or semicolons. This routinely raises SECURITY ISSUES unless you're using 100% trusted data, IOW, scripts that fail on blanks in path names, will do worse things under attack. And now consider how many people are actually using Cygwin on systems where running with Administrator privileges is commonplace (XP...) And I've made other packages work in directories that contain blanks, for instance bogofilter including test suite. It was some work to revisit all of the scripts, but not a major undertaking. Of course fixing cygport won't assure its user that the package itself is safe in paths with blanks, but at least then you can say that you've done your part and the fix is SOEP (someone else's problem). That other parts might fail is NOT AN excuse to not do your own job in a way that breaks other people's expectations. I'd seriously ask you to reconsider. -- Matthias Andree -- Problem reports: http://cygwin.com/problems.html FAQ: http://cygwin.com/faq/ Documentation: http://cygwin.com/docs.html Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple