KShell & KMacroExpander - are we screwed?
ossi at kde.org
Mon Oct 15 11:02:29 CEST 2007
On Mon, Oct 15, 2007 at 03:27:08AM +0200, Andreas Pakulat wrote:
> On 15.10.07 01:09:15, Oswald Buddenhagen wrote:
> > - you might not need to crack the system to change the env. the
> > application might contain some bug that prods it into setenv()ing
> > something silly.
> Well, a broken app can do all sorts of things, including rm -rf ~/Mail
> when you switch the folder ;) I'm neither a cmd nor a sh guru, but I
> suspect you can get an rm -rf / into a shell command as well with a bug
> in the application.
yes, but it would be a *different* bug.
> > > and especially not for the users. Those users would have to adopt
> > > the commands and arguments to posix shell, which you can't really
> > > expect from them.
> > >
> > you should consider that about 99% of the commands the user ever
> > supplies will look like "foo %f", etc.
> If I recall correctly there %f won't be expanded, right?
hmm? that was a expando as used by printf, the desktop entry standard
and whatever else.
> Also that 99% are not from the whole userbase, but those that actually
> need to provide a shell-thing somewhere, which IMHO is a rather small
> number of people (compared to the whole kde/win32 userbase)
right, which is just in favor of my point. :)
> > it only becomes a problem if somebody tries to execute complex shell
> > constructs. but those able to do that are also able to learn the
> > posix equivalents
> Actually I suspect those people that execute really complex shell
> constructs on win32 use .bat files and don't try to write that down in
> a lineedit...
probably. and it applies almost equally to unix. that's why i suspect
nuking setShellCommand and providing proper support for batch files is
> Hmm, this discussion about the problems being rather
> corner-case-situations for people that know their way around the win32
> cmd shell makes me wanting to do solution 1) more and more (i.e.
> ignore the problems)
fine, but don't say i didn't warn you. :)
btw, does the freeze apply to win-specific parts of kdelibs?
Hi! I'm a .signature virus! Copy me into your ~/.signature, please!
Chaos, panic, and disorder - my work here is done.
More information about the Kde-windows