[Bash-completion-devel] [bash-completion-Bugs][312143] protect against user's personal binary preferences

bash-completion-bugs at alioth.debian.org bash-completion-bugs at alioth.debian.org
Wed Dec 9 04:02:34 UTC 2009


Bugs item #312143, was changed at 2009-12-07 19:29 by Kevin Hunter
You can respond by visiting: 
https://alioth.debian.org/tracker/?func=detail&atid=413095&aid=312143&group_id=100114

Status: Open
Priority: 3
Submitted By: Kevin Hunter (hunteke-guest)
Assigned to: Nobody (None)
Summary: protect against user's personal binary preferences 
Distribution: Ubuntu
Originally reported in: None
Milestone: None
Status: None
Original bug number: 


Initial Comment:
Since the bash_completion script is sourced /into/ a user's shell session, their personal preferences, e.g. aliases, would otherwise get used.  (e.g. alias grep='grep --color=always')  This is not what bash_completion needs.  In the example, this would return something like

$ sudo apt-get purge ggz[tab]
$ apt-get purge ggz^[\[m^[\[K^[\[m^[\[Kcore-bin

Instead, what we want is:

$ sudo apt-get purge ggz[tab]
$ sudo apt-get purge ggzcore-bin

Please see attached bashrc snippet and suggested patch to bash_completion.

Note: I did not change any of the comments.  Just the places where grep is actually used and called as 'grep'.

----------------------------------------------------------------------

Comment By: Kevin Hunter (hunteke-guest)
Date: 2009-12-08 23:02

Message:
Hoh!  Command is ... not the best keyword for which to search in the bash man page.  :-)  But, finally found it.  The only reason I didn't create that patch with command is because I didn't know about it.  I think it's a far cleaner solution.

Besides, I knoze you're smarter than me.  That's why I said "suggested" patch.  ;-)

Alright, I still don't have the development version, nor would I have time to test it out for at least another month or so, but here's an updated patch that responds to these criticisms:

1. not corrected - against old version of bash_completion

2. corrected - it would "pollute" users' environment with the GREP variable.

3. corrected (moot) - --color=auto is a GNU grep thing, it cannot be blindly used in bash completion.  As GREP is removed, issue solved.

For the record, I did *not* say =auto, I said =never.  I explicitly don't use auto, because I often want color /in the pipeline/, as for 'less -R'.  =auto tries to be smart by removing color if it's not directly to the terminal, which is less than ideal for my use cases.

4. corrected - grep is not always installed in /bin.

In regards to using GREP_OPTIONS, that's a no-go.  As with my bashrc, I specifically set GREP_OPTIONS and would be annoyed if it was hijacked.

(Raphaël, I have similar aliases as well.  Would get into them, but ... not the time or place.  :-) )

----------------------------------------------------------------------

Comment By: Raphaël Droz (gibboris-guest)
Date: 2009-12-08 19:18

Message:
I vote for using command (or 'quoting' the command, but 'command' prefix is nice for grep'ing bash-comp source).

I think this should also be done for other potentially aliased commands:
'cp', 'rm', 'mv', 'less' aren't used.
'cd' is : pkgtools, dpkg
'echo' is
'head', 'tail' are : genisoimage, cowsay, apache2ctl.
'ls' is always prefixed by 'command'
(personally I also have an alias for 'df' and 'wget')

----------------------------------------------------------------------

Comment By: Ville Skyttä  (scop-guest)
Date: 2009-12-08 17:56

Message:
The patch has a number of problems, it cannot be applied, at least as is.

First, it is apparently against an old version of bash completion, current development version looks substantially different.  Second, it would "pollute" users' environment with the GREP variable.  Third, --color=auto is a GNU grep thing, it cannot be blindly used in bash completion.  Fourth, grep is not always installed in /bin.

Wouldn't simply replacing all occurrences of "grep" with "command grep" (it's already that way in a couple of places) be a good enough solution?  Ditto egrep and fgrep.  This wouldn't protect against nasty things in GREP_OPTIONS but I'm not sure there's much we can sanely do about those anyway.  Hmm... or we could always do "GREP_OPTIONS= command grep ..." but I'm not sure if that ugliness is worth it.  Or we could do that and also replace uses of grep with some other less problematic tool but...

----------------------------------------------------------------------

Comment By: Kevin Hunter (hunteke-guest)
Date: 2009-12-07 19:38

Message:
For passersby reading this, I'm aware that I may have an unexpected setup for my grep.  I explain why in the comments of the attached bashrc snippet, but suffice it to say, this is what I have:

GREP_OPTIONS='--color=none'  # default to sane options
alias grep='grep --color=always'   # if I'm typing it, I most-likely want colors
alias less='less -R'   # enable pass-through (RAW) colors from grep

For reference, here's the discussion that convinced me to put it the way I have it.

http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=475772#17


----------------------------------------------------------------------
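
Added example (not part of the original thread, and not bash-completion's own code): a sketch of the alias leak described in the initial comment and of the "command grep" and "GREP_OPTIONS= command grep" forms proposed in Ville Skyttä's comment. The package list, the function names and the 'grep -n' alias (a deterministic stand-in for '--color=always') are constructed for illustration.

```shell
# bash only expands aliases in scripts when asked to; interactive shells,
# where completion code is actually sourced, always have this enabled.
shopt -s expand_aliases 2>/dev/null || true

# Constructed "user preference". -n stands in for --color=always: both add
# bytes to grep's output that a completion function does not expect.
alias grep='grep -n'

# Constructed package list standing in for real package-name output.
pkgs() { printf '%s\n' ggzcore-bin ggz-docs vim; }

# Helpers as they would appear in a sourced completion script. Aliases are
# expanded when the function definition is read, so the alias defined above
# is baked into complete_plain.
complete_plain()   { pkgs | grep '^ggzc'; }

# 'command' makes the shell skip alias and function lookup for grep.
complete_guarded() { pkgs | command grep '^ggzc'; }

# Additionally blanks GREP_OPTIONS for this one invocation only, without
# touching the variable in the user's session.
complete_strict()  { pkgs | GREP_OPTIONS= command grep '^ggzc'; }

# Audit helper (hypothetical name): report which of the given command names
# are aliased in the current shell, e.g. the names a completion script calls.
# The ( ) body runs in a subshell so no helper variables leak into the session.
aliased_cmds() (
    out=
    for c in "$@"; do
        if alias "$c" >/dev/null 2>&1; then
            out="${out:+$out }$c"
        fi
    done
    printf '%s\n' "$out"
)

# Stand-alone run: show the polluted and the guarded candidate side by side.
printf 'plain:   %s\n' "$(complete_plain)"
printf 'guarded: %s\n' "$(complete_guarded)"
printf 'aliased: %s\n' "$(aliased_cmds grep head tail cd)"
```

The same audit can be run in an interactive session against the command names a completion file invokes, to see which of them would pick up personal aliases.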
