From: Daniel Kahn Gillmor
To: Tomi Ollila, notmuch@notmuchmail.org
Subject: Re: [PATCH v2] configure: fix out of tree build; check unsafe characters in srcdir
In-Reply-To: <20190826170346.20804-1-tomi.ollila@iki.fi>
References: <20190826170346.20804-1-tomi.ollila@iki.fi>
Date: Thu, 29 Aug 2019 10:21:07 -0400
Message-ID: <87blw89hnw.fsf@fifthhorseman.net>

On Mon 2019-08-26 20:03:46 +0300, Tomi Ollila wrote:
> While check for GMime session key extraction support... was made
> out of tree build compatible, related (and some unrelated) unsafe
> characters are now checked in notmuch source directory path.

LGTM. Thanks, Tomi.

> The known unsafe characters in NOTMUCH_SRCDIR are:
>
> - Single quote (') -- NOTMUCH_SRCDIR='${NOTMUCH_SRCDIR}'
>   is written to sh.config in configure line 1328.
>
> - Double quote (") -- configure line 521 *now* writes "$srcdir"
>   into generated c source file ($NOTMUCH_SRCDIR includes $srcdir).
>
> - Backslash (\) could also be problematic in configure line 521.
>
> - The added $ and ` are potentially unsafe -- inside double quotes
>   in shell script those have special meaning.

This is a great list of concerns to have enumerated. How did you
generate it? Are these things that we can pick off one by one?

It'd be great to be robust against being built in weirdly named paths in
the filesystem, and it has always bothered me that so much of our
tooling is brittle in that way.

        --dkg
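
Added example (not part of the message above and not notmuch's configure code): a POSIX sh check for the characters the quoted commit message lists, plus, going one step beyond the thread, one way to quote the value so the single-quoted sh.config assignment survives a round trip. The function names and the sample paths are hypothetical, constructed for illustration.

```shell
#!/bin/sh
# Added example; not code from notmuch's configure script.

# Print the names of the listed characters that occur in the path $1
# (space-separated, empty if none); return 0 only if none occur.
unsafe_srcdir_chars() {
    found=
    case $1 in *\'*) found="$found single-quote" ;; esac
    case $1 in *\"*) found="$found double-quote" ;; esac
    case $1 in *\\*) found="$found backslash" ;; esac
    case $1 in *\$*) found="$found dollar" ;; esac
    case $1 in *\`*) found="$found backquote" ;; esac
    found=${found# }
    printf '%s\n' "$found"
    [ -z "$found" ]
}

# Quote $1 for a single-quoted shell assignment: each ' becomes '\''.
sh_single_quote() {
    printf "'%s'\n" "$(printf '%s' "$1" | sed "s/'/'\\\\''/g")"
}

# Write NOTMUCH_SRCDIR=<quoted value> to a temporary file standing in for
# sh.config, source it in a subshell, and print what the shell reads back.
roundtrip_sh_config() {
    tmp=$(mktemp) || return 1
    printf 'NOTMUCH_SRCDIR=%s\n' "$(sh_single_quote "$1")" > "$tmp"
    ( . "$tmp"; printf '%s\n' "$NOTMUCH_SRCDIR" )
    rm -f "$tmp"
}

# Constructed sample paths (not taken from the thread).
for p in '/home/user/src/notmuch' "/tmp/it's here/notmuch" '/tmp/a$b/notmuch'; do
    if bad=$(unsafe_srcdir_chars "$p"); then
        echo "ok:     $p"
    else
        echo "reject: $p ($bad)"
    fi
done
```

The quoting helper covers only the single-quoted shell assignment; the double-quoted string in the generated C source file has different escaping rules and is not handled here.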