merlyn@xxxxxxxxxxxxxx (Randal L. Schwartz) writes: >>>>>> "Bill" == Bill Lear <rael@xxxxxxxxxx> writes: > > Bill> I was told eval was "wrong on multiple levels". > > I should elaborate. > > Using "eval" here means that you *then* have to be careful about whitespace > quoting. For example, if my $HOME had a space in it, > EDITOR="$HOME/bin/superemacs" would be broken if you add the extra eval, since > the whitespace would be treated as a delimeter on the second lexing. I'd have > to figure out how to set EDITOR with the right quotes or backwhacks in it to > undo the effect of your eval. That's definitely a problem, but since environment variables can't contain complex data-structures, you have no other way to allow the user to specify a command with multiple arguments (EDITOR="emacs -nw" for example). Anyway, if you had a space in your $HOME, you would already have quoted it in $EDITOR before using git, because this is the way other applications work. > Also, eval treats data as code, and if for some reason this should end up in a > setuid environment (perhaps as a web application), eval would generate a > trivially accessed gigantic security hole. Without the eval, you also treat data as code. If you set EDITOR=halt, whether or not you use eval, "git commit" will shutdown your machine for example. -- Matthieu - To unsubscribe from this list: send the line "unsubscribe git" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
