[bug #19374] Insufficient quoting of PRUNEPATHS in updatedb

[Andreas Metzler]

URL:
  <http://savannah.gnu.org/bugs/?19374>

                 Summary: Insufficient quoting of PRUNEPATHS in updatedb
                 Project: findutils
            Submitted by: ametzler
            Submitted on: Mittwoch 21.03.2007 um 19:21
                Category: updatedb
                Severity: 3 - Normal
              Item Group: None
                  Status: None
                 Privacy: Public
             Assigned to: None
         Originator Name: István Váradi
        Originator Email: 
             Open/Closed: Open
         Discussion Lock: Any
                 Release: 4.2.28
           Fixed Release: None

    _______________________________________________________

Details:

This is http://bugs.debian.org/415567

István Váradi writes: -----------------------
The updatedb script uses the PRUNEPATHS environment variable without quoting
it. This causes some problems when putting regular expressions into the value
of this variable. For example, if I use an asterisk (*) in a path, it will be
expanded by the shell before using it as a regular expression. Thus,
.*/lost+found becomes ../lost+found (and possibly others, depending on how
many files or directories, whose names start with a dot I have in the working
directory).
---------------------------------------------

Afaict the fix should be trivial:

- for p in $PRUNEPATHS; do
+ for p in "$PRUNEPATHS"; do
[...]
-  PRUNEREGEX=`echo $PRUNEPATHS|sed -e 's,^,\\\(^,' -e 's, ,$\\\)\\\|\\\(^,g'
-e 's,$,$\\\),'`
+   PRUNEREGEX=`echo "$PRUNEPATHS"|sed -e 's,^,\\\(^,' -e 's,
,$\\\)\\\|\\\(^,g' -e 's,$,$\\\),'`

thanks, cu andreas




    _______________________________________________________

Reply to this item at:

  <http://savannah.gnu.org/bugs/?19374>

_______________________________________________
  Nachricht geschickt von/durch Savannah
  http://savannah.gnu.org/