[debhelper-devel] Bug#803341: dh_installdeb: doesn't escape shell metacharacters in *.maintscript
Jakub Wilk
jwilk at debian.org
Wed Oct 28 22:20:33 UTC 2015
Package: debhelper
Version: 9.20151005
dh_installdeb(1) manpages says: “Any shell metacharacters will be
escaped, so arbitrary shell code cannot be inserted here.” But this
doesn't seem to be happening. For example, if you add
mv_conffile || /usr/games/cowsay
to your maintscript file, you'll have your maintainer script actions
announced by a cow.
Somewhat related bug: #803253.
There are more packages that use shell metacharacters in their
maintscript files incorrectly:
https://codesearch.debian.net/search?q=%22[%24][%40]%22+path%3Adebian%2F.*maintscript
-- System Information:
Debian Release: stretch/sid
APT prefers unstable
APT policy: (990, 'unstable'), (500, 'experimental')
Architecture: i386 (x86_64)
Foreign Architectures: amd64
Kernel: Linux 4.2.0-1-amd64 (SMP w/2 CPU cores)
Locale: LANG=C, LC_CTYPE=pl_PL.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: sysvinit (via /sbin/init)
Versions of packages debhelper depends on:
ii binutils 2.25.1-7
ii dh-strip-nondeterminism 0.013-1
ii dpkg 1.18.3
ii dpkg-dev 1.18.3
ii file 1:5.25-2
ii libdpkg-perl 1.18.3
ii man-db 2.7.4-1
ii perl 5.20.2-6
ii po-debconf 1.0.18
--
Jakub Wilk
More information about the debhelper-devel
mailing list