diff options
| author | Sergey Poznyakoff <gray@gnu.org.ua> | 2016-09-15 15:12:43 +0300 |
|---|---|---|
| committer | Sergey Poznyakoff <gray@gnu.org.ua> | 2016-09-15 15:26:38 +0300 |
| commit | 53059b7fb9101091eaf67974862820461765710c (patch) | |
| tree | fa0d0ed7ec7f991236d6e103b2d849addf4facee /rex | |
| parent | d78ceac8d8e0a8fcb3e5de13bc57a7194dea1352 (diff) | |
| download | rex-53059b7fb9101091eaf67974862820461765710c.tar.gz rex-53059b7fb9101091eaf67974862820461765710c.tar.bz2 | |
Create temporary script if a pipeline or control flow statement is used in sudo mode.
Earlier versions used to create a temporary script wherever a pipe symbol
or whitespace had been found in the command line. This was an overkill,
and was removed in ff1b746d. However, this approach is still needed, if
a pipeline or shell control structure is passed as command in sudo mode.
This commit restores it for such cases. Another way would be to run
/bin/sh -c 'cmd', but that requires a careful preprocessing of cmd, so
I prefer a temporary, at least for the time being.
* rex (maketempfile): Register the created file in the global
list for further removal before exiting.
(editdb): Setting trap not needed now.
(cleanup): Remove files listed in cleanup_files
(ispipeline): New function
(rex_command): Fall back to copy mode when passing what looks like a
pipeline or control flow statement in sudo mode.
(MAIN): Set trap.
Diffstat (limited to 'rex')
| -rwxr-xr-x | rex | 41 |
1 files changed, 36 insertions, 5 deletions
@@ -961,8 +961,10 @@ proc echo {a} { } proc maketempfile {} { + global cleanup_files set tempfile ".rex.[pid].tmp" exec "/bin/sh" -c "umask 077; touch $tempfile" + lappend cleanup_files $tempfile return $tempfile } @@ -1185,10 +1187,6 @@ proc editdb {dbname} { set ed "vi" } - trap { - file delete $tempfile - exit - } [list SIGINT SIGQUIT SIGHUP SIGTERM] set tempfile [maketempfile] mkdbview $dbname $tempfile rexdb @@ -1997,9 +1995,18 @@ proc common_config_setup {} { proc cleanup {} { global argv0 global errors + global cleanup_files debug 1 "cleaning up" updatedb + + if {[info exist cleanup_files]} { + foreach fname $cleanup_files { + file delete $fname + } + unset cleanup_files + } + if {[info exist errors]} { send_error "$argv0: there were [llength $errors] errors:\n" foreach err $errors { @@ -2050,6 +2057,14 @@ proc regsub-eval {args} { \[[regsub -all {&} $cmd {\\&}]\]] } +# Return true, if cmd looks like a pipeline or shell construct. +proc ispipeline {cmd} { + if {[llength $cmd] != 1} { + return 0 + } + regexp -- {(^(if|case|for|while|time|function|select)[[:space:]])|[|&><;]} $cmd +} + proc rex_command args { global argv0 global argc @@ -2207,6 +2222,17 @@ proc rex_command args { set config(argv) $newcom set config(command) [join $config(argv)] + if {$config(sudo) != "" && [ispipeline $config(argv)]} { + set tempscriptname [maketempfile] + debug 1 "creating temporary script file $tempscriptname" + set fd [open $tempscriptname w] + puts $fd $config(command) + close $fd + set config(command) $tempscriptname + set config(argv) $config(command) + set config(option,copy) 1 + } + if {[llength $config(argv)] == 1 && [regexp {^(.+?)([[:space:]|&><;].*)$} $config(command) x config(progname) config(params)]} { # nothing @@ -2214,7 +2240,7 @@ proc rex_command args { set config(progname) [lindex $config(argv) 0] set config(params) [join [lrange $config(argv) 1 end]] } - + if {[config_option copy]} { lappend config(data) $config(progname) set config(command) "[getiterpreter $config(progname)] [file tail $config(progname)] $config(params)" @@ -2601,6 +2627,11 @@ if {$argc == 0} { set config(mode) [argcvshift] +trap { + cleanup + exit +} {SIGINT SIGQUIT SIGHUP SIGTERM} + switch -- $config(mode) { run - command rex_command |