Prevent the commands output of pkg_version.pl from being executed without the
user actually editing the output.  Too many people were rampantly abusing
this feature via "pkg_version -c | sh" without really being cognizant
of the dangers involved (ports upgrade kits) or the fact that it
just plain wasn't designed for it (dependencies).  We'll try to keep
people from shooting themselves in the foot.

Will be MFC-ed to RELENG_4 and RELENG_3 after cooling-off period.
bmah 2001-02-09 20:07:06 +00:00
parent ceb48e2e89
commit adfae33d1f

@ -324,6 +324,20 @@ while (<INDEX>) {
}
close INDEX;
#
# If we're doing commands output, cripple the output so that users
# can't just pipe the output to sh(1) and expect this to work.
#
if ($ShowCommandsFlag) {
print<<EOF
echo "The commands output of pkg_version cannot be executed without editing."
echo "You MUST save this output to a file and then edit it, taking into"
echo "account package dependencies and the fact that some packages cannot"
echo "or should not be upgraded."
exit 1
EOF
}
#
# Produce reports
#
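Review bot: The message printed by the `print<<EOF` block under `if ($ShowCommandsFlag)` tells users to save and edit the output, but it never says that these echo lines and the `exit 1` must themselves be deleted. Since the block is emitted before the reports, a saved file still stops at `exit 1` until they are removed, so a user who only adjusts the package commands gets the same refusal with no hint why. Suggest adding one more echo line saying to remove this header once the file has been reviewed. Two smaller points on the same block: the here-document is unquoted, so it interpolates; the text contains no `$` or `@` today, but `print <<'EOF';` would keep a later edit to the message from being expanded by Perl. The statement also has no terminating semicolon, which only parses because it is the last statement in the block. The new behaviour of the commands output should also be described in the manual page.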