Bug 40523 - joinscript_run_in_container does no proper shell escape
joinscript_run_in_container does no proper shell escape
Status: CLOSED FIXED
Product: UCS
Classification: Unclassified
Component: App Center
UCS 4.1
Other Linux
: P5 normal (vote)
: UCS 4.1-0-errata
Assigned To: Dirk Wiesenthal
Florian Best
:
Depends on:
Blocks:
  Show dependency treegraph
 
Reported: 2016-01-27 23:02 CET by Dirk Wiesenthal
Modified: 2016-02-04 14:09 CET (History)
2 users (show)

See Also:
What kind of report is it?: ---
What type of bug is this?: ---
Who will be affected by this bug?: ---
How will those affected feel about the bug?: ---
User Pain:
Enterprise Customer affected?:
School Customer affected?:
ISV affected?:
Waiting Support:
Flags outvoted (downgraded) after PO Review:
Ticket number:
Bug group (optional):
Max CVSS v3 score:


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Dirk Wiesenthal univentionstaff 2016-01-27 23:02:48 CET
joinscript_run_in_container bash -c 'echo /etc/univention/ssl/$(ucr get hostname).$(ucr get domainname)'

Expected:
/etc/univention/ssl/dudle-docker-1453929574705366.dirk.singlemaster.intranet

Actual:


Reason is passing $@, not "$@".
Comment 1 Dirk Wiesenthal univentionstaff 2016-01-31 21:10:59 CET
Fixed in
  univention-appcenter 5.0.19-46.103.201601312107
Comment 2 Florian Best univentionstaff 2016-02-01 12:50:58 CET
joinscript_run_in_container bash -c 'echo /etc/univention/ssl/$(ucr get hostname).$(ucr get domainname)'
→ works
joinscript_run_in_container echo '/etc/univention/ssl/$(ucr get hostname).$(ucr get domainname)'
→ works, too

OK: YAML
Comment 3 Janek Walkenhorst univentionstaff 2016-02-04 14:09:55 CET
<http://errata.software-univention.de/ucs/4.1/79.html>