byobu should not use 'ls' programmatically
Bug #452405 reported by Dustin Kirkland
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone
---|---|---|---|---
byobu | Fix Released | Low | Dustin Kirkland |
byobu (Debian) | Fix Released | Unknown | |
byobu (Ubuntu) | Fix Released | Low | Dustin Kirkland |
Bug Description
On Wed, 2009-09-23 at 12:35 +1000, Trent W. Buck wrote:
> Package: byobu
> Version: 2.24-1
> Severity: normal
> File: /usr/lib/
>
> I get
>
> ls: cannot access /proc/acpi/battery: No such file or directory
>
> because on my system, this information is computed thusly:
>
> backtick 2 120 0 sh -c 'cd /sys/class/
>
> It is also bad form to use ls(1) programmatically; you should use
> globbing instead: http://
Changed in byobu:
status: New → Triaged
importance: Undecided → Low
assignee: nobody → Dustin Kirkland (kirkland)
Changed in byobu (Debian):
status: Unknown → New
Changed in byobu:
status: Triaged → In Progress
Changed in byobu (Ubuntu):
status: New → In Progress
importance: Undecided → Low
assignee: nobody → Dustin Kirkland (kirkland)
Changed in byobu:
status: In Progress → Fix Committed
Changed in byobu (Ubuntu):
status: In Progress → Fix Committed
Changed in byobu:
status: Fix Committed → Fix Released
Changed in byobu (Ubuntu):
status: Fix Released → Fix Committed
Changed in byobu (Debian):
status: New → Fix Released
Not sure if this is relevant, but on my system BAT0 does not exist and neither does "charge_now".
Perhaps the folder path is OS-version specific and I'm off-track??? But I would not expect something fundamental to be arbitrary.
I'm running Ubuntu Hardy 8.04 on a Toshiba laptop, and what I have is:
/sys/class/power_supply/
ADP1
BAT1
and inside of BAT1, instead of "charge_", everything says "energy_":
/sys/class/power_supply/BAT1
energy_full
energy_now
While I agree with the bug poster about the dangers of parsing ls, and enjoyed reading the very well written article that he points to, in this scenario we are dealing with well-known names provided by the system, so I think it is safe in this specific scenario to parse a name when we already know in advance what that name should be.
The only question becomes one of security: if someone put a bogus name with a newline to fool us, would anything bad happen? I suspect that the answer is that the worst that could happen is an error message.
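The globbing approach the report asks for, written out as an added example (not byobu's code and not part of the comment above). It covers the missing-directory case from the report, the BAT1/energy_* naming from the comment, and a constructed entry whose name contains a newline. The function names and the sample tree are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not byobu's code: read battery charge without parsing ls(1).

# True if $1 is a decimal integer with no leading zero (avoids octal parsing).
is_uint() { case $1 in ''|*[!0-9]*|0?*) return 1 ;; esac; }

# battery_percent DIR: print "<name> <percent>" per battery; return 1 if none.
battery_percent() {
    base=$1 found=1
    for bat in "$base"/BAT*; do
        # An unmatched glob stays literal, so a missing directory just skips.
        [ -d "$bat" ] || continue
        name=${bat##*/}
        # Accept only BAT<digits>: a name carrying a newline or other bytes
        # is skipped instead of being echoed into the status line.
        case ${name#BAT} in ''|*[!0-9]*) continue ;; esac
        for kind in energy charge; do   # BAT1/energy_* or BAT0/charge_*
            now_f=$bat/${kind}_now full_f=$bat/${kind}_full
            [ -r "$now_f" ] && [ -r "$full_f" ] || continue
            read -r now < "$now_f" || [ -n "$now" ] || continue
            read -r full < "$full_f" || [ -n "$full" ] || continue
            is_uint "$now" && is_uint "$full" && [ "$full" -gt 0 ] || continue
            echo "$name $(( $now * 100 / $full ))"
            found=0
            break
        done
    done
    return "$found"
}

# Constructed sample tree standing in for /sys/class/power_supply.
make_sample_tree() {
    t=$(mktemp -d) || return 1
    nl='
'
    mkdir "$t/ADP1" "$t/BAT1" "$t/BAT0${nl}evil"
    echo 30000000 > "$t/BAT1/energy_now"
    echo 40000000 > "$t/BAT1/energy_full"
    echo 1 > "$t/BAT0${nl}evil/charge_now"
    echo 1 > "$t/BAT0${nl}evil/charge_full"
    echo "$t"
}

tree=$(make_sample_tree) && battery_percent "$tree"   # prints: BAT1 75
rm -rf "$tree"
```

Because each glob match arrives as a single word, the newline-named directory is seen as one entry and rejected by the name check; with ls output it would have been split across two lines.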