[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [FYI] Re: Vulnerability in libtool 1.5
From: |
Gary V. Vaughan |
Subject: |
Re: [FYI] Re: Vulnerability in libtool 1.5 |
Date: |
Mon, 05 Jan 2004 14:45:32 +0000 |
User-agent: |
Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.5) Gecko/20030925 Thunderbird/0.3 |
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Scott James Remnant wrote:
| On Sun, 2004-01-04 at 20:06, Gary V.Vaughan wrote:
|
|
|>I have no problem with starting to use shell functions to libtool now,
|>and infact I think that it is the best way to bring some sanity to the
|>code spaghetti we are trying to maintain. For now, I don't think it is
|>safe to rely on any more advanced shell function features than
|>enumerated parameter passing.
|>
|
| Here's what Blinn has to say:
|
| /bin/sh on older shells, including (at least) ULTRIX don't support them,
| do we drop support for those platforms?
|
| Some shells also would overwrite libtool's own $1...$# once the first
| function is called, so we should be sure to capture all shell script
| arguments before calling any function lest they be lost.
|
| On ULTRIX and HP-UX there's a /bin/sh5 which supports functions and
| positional parameter stacking.
I certainly don't propose that we drop support for HP-UX. I suspect that
no-one would notice if we dropped support for ULTRIX these days: I last used
one about 10 years ago, and it was considered to be legacy even then.
Autoconf is starting the process of adding code to configure to search for a
CONFIG_SHELL that has function support. Libtool already has a function (only
called on cygwin, but still parsed elsewhere) that has been around for some
time without causing complaint.
At worst, for those few platforms with a default shell that doesn't support
functions, and until autoconf adds re-execing with a shell that does, the user
might need to 'export CONFIG_SHELL=/bin/sh5'. There was a thread on the
autoconf list recently that concluded there were no longer any platforms
(which would need a modern autoconf) that had no shell supporting shell
functions.
We could even add an interrim hack that re-execs libtool with a known good
shell for major platforms. Are there more than just Ultrix?
IIRC, the positional parameter overwriting is a shell archaeology discovery
(i.e. a curiosity of shells that are no longer in use on machines that want to
run a modern libtool/autoconf).
Cheers,
Gary.
- --
Gary V. Vaughan ())_. address@hidden,gnu.org}
Research Scientist ( '/ http://www.oranda.demon.co.uk
GNU Hacker / )= http://www.gnu.org/software/libtool
Technical Author `(_~)_ http://sources.redhat.com/autobook
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.2 (GNU/Linux)
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org
iD8DBQE/+XiLFRMICSmD1gYRAvowAJ9/1uo39K93GQgjP9KXUFfVElAoMwCeJ8mY
7KqUpOc0MIxNCaxjRfLyzIY=
=yNvy
-----END PGP SIGNATURE-----