On Thu, Nov 5, 2009 at 2:15 PM, Rogutės Sparnuotos
<rogutes@xxxxxxxxxxxxxx> wrote:
> Daenyth Blank (2009-11-05 13:07):
>> On Thu, Nov 5, 2009 at 13:03, Aaron Griffin <aaronmgriffin@xxxxxxxxx> wrote:
>> > I was thinking more along the lines of:
>> >
>> > Original: eval $(grep '^SRCDEST=' /etc/makepkg.conf)
>> >
>> > SRCDEST=$(grep '^SRCDEST=' /etc/makepkg.conf | cut -d= -f2)
>> > PKGDEST=$(grep '^PKGDEST=' /etc/makepkg.conf | cut -d= -f2)
>> >
>>
>> I believe that should work... Make sure to throw in a -d -w check
>> after, to make sure it's right... I think a malicious line (".. && rm
>> -rf /") would simply get stored as a string.. as long as we quote
>> everything properly and unset it if it's not right, I'm pretty sure
>> it's not dangerous. It could however, fail in cases where it's split
>> over multiple lines. I don't think that's a reason not to do it
>> though, I can't imagine a reason for such a thing.
>
> This wouldn't work for
> SRCDEST="/path/to/dir"
> SRCDEST='/path/to/dir'
>
> But sed should be able to do it:
> SRCDEST=$(sed -nr "/^SRCDEST=/{s/[^=]+=(['\"]?)(.+)\1/\2/p}" /etc/makepkg.conf)
>
> --
> -- Rogutės Sparnuotos
>
Let me know when you guys agree on a better (safer) way to implement
this. I'll then sent a corrected patch.
