Re: m4-1.4.11 released


From: Eric Blake
Subject: Re: m4-1.4.11 released
Date: Sun, 06 Apr 2008 09:08:12 -0600
User-agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1.12) Gecko/20080213 Thunderbird/2.0.0.12 Mnenhy/0.7.5.666

[Please discuss this on mailing lists, rather than via private email, so
that others may chime in, and so that the discussion will be archived for
reference]

According to Michael Breen on 4/6/2008 1:02 AM:
|  EB>
|  EB>** The output of the `maketemp' and `mkstemp' builtins is now quoted if a
|  EB>   file was created.  This is a minor security fix, because it was possible
|  EB>   (although rather unlikely) that an unquoted string could match an
|  EB>   existing macro name, such that use of the `mkstemp' output would trigger
|  EB>   inadvertent macro expansion and operate on the wrong file name.
|  EB>
|
| Hello Eric,
| Has the problem described by Steven Simpson
|   www.comp.lancs.ac.uk/~ss/websitemgmt/tools#m4patch
| been discussed previously among M4 developers?

No, because no one ever mailed bug-m4 or m4-discuss about it.

However, it is a known limitation of the POSIX specification, for which
the TODO file mentions a more generic solution.  Rather than changing lots
of existing macros to add a new argument (and which might not be possible
for some macros), we are considering adding a new macro, qindir, which
behaves like the existing indir builtin except that it also surrounds the
output in an additional level of quoting.

Autoconf deals with some of these issues in m4sugar.  translit, regexp,
and patsubst are generally usable - you just have to remember to supply
extra quoting up front (and with patsubst, remember that anchored
expressions are skewed by the extra quotes).  substr is generally unusable
when you desire robust expansion (although if you are stripping off the
front of the string, format(``%.*s'', n, <string>) is equivalent to
substr(<string>, n) plus the needed quoting).

But if we were to add qindir, then you could do:
define(`_substr', defn(`substr'))dnl
define(`substr', `qindir(`_$0', $@)')dnl

to get a version of substr that adds the desired quotes.

| I wrote some workaround code
|   mbreen.com/m4.html#substrfix
| that addresses the problem but only for substr and translit.
| Perhaps something like Steven's approach could be more
| generally applied? Particularly for macros that are GNU M4
| extensions, i.e., where compatibility issues are less of a
| concern.
| Regards,
| Michael
|
| P.S. Feel free to circulate this email if you wish - but
| please strip my email address from it first (I don't use a
| spam filter).
|

- --
Don't work too hard, make some time for fun as well!

Eric Blake             address@hidden
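Added illustration, not part of the original message and not code from the m4 project: the rescanning problem discussed in this thread, shown with substr next to the quoted format idiom, which keeps the first n characters of a string. It assumes GNU m4 (format is a GNU extension); the macro name secret, the string secretfile and the wrapper name qprefix are constructed for the example.

```m4
dnl Constructed scenario: `secret' stands in for any macro that happens to
dnl be defined when a builtin returns text spelling its name.
define(`secret', `WRONG-FILE')dnl
dnl
dnl Unquoted: the result of substr is rescanned, so the extracted word is
dnl looked up as a macro name and replaced by its definition.
unquoted: substr(`secretfile', 0, 6)
dnl
dnl Quoted: the doubled quotes around the format string leave one pair in
dnl the result, so the rescan only strips quotes and expands nothing.
quoted:   format(``%.*s'', 6, `secretfile')
dnl
dnl Hypothetical wrapper (the name qprefix is an assumption, not an m4
dnl builtin): first $2 characters of $1, returned with one quote level.
define(`qprefix', `format(``%.*s'', `$2', `$1')')dnl
wrapped:  qprefix(`secretfile', 6)
```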
