Re: [exim-dev] cmdline scanner checks pclose() output, this…

Startseite
Nachricht löschen
Nachricht beantworten
Autor: Viktor Dukhovni
Datum:  
To: exim-dev
Betreff: Re: [exim-dev] cmdline scanner checks pclose() output, this breaks existing deployments
On Mon, Dec 01, 2014 at 12:48:47AM +0100, Heiko Schlittermann wrote:

> Using
>
>     av_scanner = cmdline:/bin/scan %s || true:<trigger>:<re>

>
> may work. But since the complete command gets translated to
>
>            popen("/bin/scan %s || true 2>&1", "r")

>
> the above line needs to be:
>
>     av_scanner = cmdline:{ /bin/scan %s || true; }:<trigger>:<re>

>
> which is quite ugly. At least it should find it's way into the spec
> that we're using popen() and /bin/sh and that such commands will work.
>
> (I'm not sure about security implications from using popen() and
> /bin/sh).


It largely boils down to what might be substituted for '%s'. Instead of
"true" I would use the ":" shell built-in:

    /bin/may_only_appear_to_fail || : ignore


-- 
    Viktor.