Source-Changes-D archive
Re: CVS commit: src/lib/libc/gen
On Saturday 27 Sep 2014 11:04:09 Alan Barrett wrote:
> On Fri, 26 Sep 2014, Roy Marples wrote:
> >>>Log Message:
> >>>Remove \$ as a hidden marker as vis(3) wasn't setting it
> >>>and it clobbered VIS_SHELL | VIS_CSTYLE.
> >>>
> >> This is wrong. "vis -l" outputs \$, and with this change,
> >> unvis won't correctly handle it.
> >>
> >> unvis is not intended to reverse shell-style escapes. You can
> >> use the shell's eval command for that.
> >
> > Doesn't eval kind of defeat the purpose of shell sanitisation
> > which VIS_SHELL is supposed to achieve? I can always add $ to
> > "the don't encode this" list for VIS_CSTYLE.
>
> Yes, eval should be avoided if the input is untrusted.
>
> If unvis needs to handle both meanings of \$ (end of line for
> output from "vis -l", or '$' for output from the new shell
> escaping variant of vis) then it will need a flag to distinguish
> the cases. Or vis can be changed to use \044 instead of \$ in the
> shell escaping case, which I guess is what you meant by the "don't
> encode this" list.
I handled it a different way by stopping VIS_CSTYLE encoding $ as \$ - it will
be \044
Seems to work so far :)
Roy
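
The ambiguity discussed in this thread, shown as an added example that is not part of the original messages and is not NetBSD's unvis code: a decoder that treats `\$` as the hidden end-of-line marker from "vis -l" silently drops a `$` that an encoder meant literally, while `\044` decodes unambiguously. The names `toy_unvis` and `decodes_to` are hypothetical, the inputs are constructed, and the escape subset and the marker producing no output are assumptions of this sketch.

```c
#include <stdio.h>
#include <string.h>

/* Toy decoder for a small subset of vis-style escapes (assumed semantics):
 *   \\    -> backslash
 *   \ooo  -> byte given by three octal digits (so \044 -> '$')
 *   \$    -> hidden end-of-line marker as written by "vis -l": no output
 * Returns the decoded length, or -1 on malformed input or a full buffer. */
static int toy_unvis(const char *in, char *out, size_t outsz)
{
    size_t n = 0;
    while (*in) {
        unsigned char c = (unsigned char)*in++;
        if (c == '\\') {
            if (*in == '\\') {
                c = '\\';
                in++;
            } else if (*in == '$') {
                in++;               /* marker is consumed, nothing emitted */
                continue;
            } else if (in[0] >= '0' && in[0] <= '3' &&
                       in[1] >= '0' && in[1] <= '7' &&
                       in[2] >= '0' && in[2] <= '7') {
                c = (unsigned char)(((in[0] - '0') << 6) |
                                    ((in[1] - '0') << 3) | (in[2] - '0'));
                in += 3;
            } else {
                return -1;          /* escape outside the toy subset */
            }
        }
        if (n + 1 >= outsz)
            return -1;
        out[n++] = (char)c;
    }
    out[n] = '\0';
    return (int)n;
}

/* 1 if the encoded string decodes exactly to want, else 0. */
static int decodes_to(const char *enc, const char *want)
{
    char buf[64];
    return toy_unvis(enc, buf, sizeof buf) >= 0 && strcmp(buf, want) == 0;
}

int main(void)
{
    /* Constructed inputs: "vis -l" style line, then '$' encoded two ways. */
    printf("marker line ok: %d\n", decodes_to("line\\$\n", "line\n"));
    printf("\\$ keeps '$':   %d\n", decodes_to("echo \\$HOME", "echo $HOME"));
    printf("\\044 keeps '$': %d\n", decodes_to("echo \\044HOME", "echo $HOME"));
    return 0;
}
```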