[buildd-tools-devel] Bug#816493: Bug#816493: sbuild: stripping quotes from its own perl command
Johannes Schauer
josch at debian.org
Wed Mar 2 12:00:51 UTC 2016
Hi,

Quoting Samuel Thibault (2016-03-02 11:40:50)
> I tried to upgrade sbuild on a buildd, and some builds failed with:
>
> W: Stripped single quote from command for security: use strict;
> use warnings;
> use Dpkg::Arch;
> if (Dpkg::Arch::debarch_is('hurd-i386', 'any')) {
> exit 0;
> }
> exit 1;
>
> Bareword "hurd" not allowed while "strict subs" in use at -e line 4.
> Bareword "i386" not allowed while "strict subs" in use at -e line 4.
> Bareword "any" not allowed while "strict subs" in use at -e line 4.
> Execution of -e aborted due to compilation errors.
>
> So sbuild stripped the quotes (see get_command_internal function in
> ChrootPlain.pm) that it itself introduced (see check_architectures()
> function in Build.pm)
>
> I had to use the attached patch to fix the issue.

thanks for the patch. Replacing the single with double quotes is indeed a good
fix here.

Though I also wonder why single quotes get stripped in the first place. What is
the security problem with them? Neither the surrounding source code nor commit
ec49ae9c where this stripping was introduced explains why it is necessary.

cheers, josch
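
Added example, not part of the original mail and not sbuild code: it contrasts dropping single quotes (the behaviour the warning reports) with escaping them, so the program text survives one pass through a shell. It assumes the command ends up inside a single-quoted shell word, which the thread does not confirm; the function names and sample strings are constructed for illustration.

```shell
#!/bin/sh
# Constructed sample modelled on the snippet in the report: program text
# that contains single-quoted string literals.
SNIPPET="if (debarch_is('hurd-i386', 'any')) { exit 0; }
exit 1;"

# Behaviour reported by the warning: every single quote is dropped.
# The string literals turn into barewords and the program changes meaning.
strip_single_quotes() {
    printf '%s' "$1" | tr -d "'"
}

# Alternative: keep the text intact. Each ' becomes '\'' (close the quoted
# word, emit an escaped quote, reopen), then the whole value is wrapped in
# single quotes so the shell treats it as exactly one literal argument.
# Note: command substitution drops trailing newlines of the input.
sq_escape() {
    printf "'%s'" "$(printf '%s' "$1" | sed "s/'/'\\\\''/g")"
}

# Let a fresh shell parse the quoted word and print the single argument it
# received. If the quoting is sound, the output equals the original text.
roundtrip() {
    sh -c "printf '%s' $1"
}

echo "--- stripped (what the interpreter would be given) ---"
strip_single_quotes "$SNIPPET"; echo
echo "--- escaped, then parsed by a shell ---"
roundtrip "$(sq_escape "$SNIPPET")"; echo
```
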