On Fri, 14 Jul 2017 18:47:05 +0200, Natanael Copa wrote:
As suggested in POSIX[1], wordexp might execute the shell. If the libc implementation does so, it will break the Firefox sandbox, which does not allow exec. This happened on Alpine Linux with musl libc[2].
Since we cannot guarantee that the system wordexp implementation does not execute a shell, we cannot really use it, and need to implement the ~/ expansion ourselves.
We provide a configure option --with-wordexp for users that still may need it, but we leave this off by default because wordexp is a large attack vector and it is better to avoid it.
Signed-off-by: Natanael Copa <ncopa@alpinelinux.org>
changes v2:
- add configure option to enable old behaviour which uses wordexp. This is off by default.
I was not sure if I should use --with-wordexp or --enable-wordexp but went with --with-wordexp similar to --with-softfloat.
That's OK, a matter of taste.
Applied now as is. Thanks.
Takashi
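
The kind of shell-free `~/` expansion the commit message describes can be sketched as follows. This is an added example, not the code from the applied patch; the function names `expand_home` and `expand_home_env`, the use of `$HOME` as the source of the home directory, and the sample paths are assumptions made for illustration.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Expand only a leading "~" or "~/" using the given home directory.
 * Everything else is copied literally: no $VAR, no command substitution,
 * no globbing, so no shell is ever needed (nothing for a sandbox to block).
 * Returns 0 on success, -1 on error. Hypothetical helper, not a libc API. */
int expand_home(const char *path, const char *home, char *out, size_t outlen)
{
    int n;
    if (!path || !out || outlen == 0)
        return -1;
    if (path[0] == '~' && (path[1] == '/' || path[1] == '\0')) {
        /* Refuse an unset, empty or relative home instead of guessing. */
        if (!home || home[0] != '/')
            return -1;
        n = snprintf(out, outlen, "%s%s", home, path + 1);
    } else {
        /* "~user/..." and plain paths are passed through untouched. */
        n = snprintf(out, outlen, "%s", path);
    }
    /* Treat truncation as failure rather than returning a shortened path. */
    return (n < 0 || (size_t)n >= outlen) ? -1 : 0;
}

/* Convenience wrapper: take the home directory from $HOME (an assumption;
 * a fuller implementation might fall back to the passwd database). */
int expand_home_env(const char *path, char *out, size_t outlen)
{
    return expand_home(path, getenv("HOME"), out, outlen);
}

int main(void)
{
    /* Constructed sample inputs. */
    const char *samples[] = { "~/.config/app.conf", "~", "/etc/app.conf",
                              "~/$(echo x).conf", "~root/x" };
    char buf[256];
    size_t i;
    for (i = 0; i < sizeof(samples) / sizeof(samples[0]); i++)
        printf("%-20s -> %s\n", samples[i],
               expand_home(samples[i], "/home/demo", buf, sizeof(buf)) == 0
                   ? buf : "(error)");
    return 0;
}
```

Unlike `wordexp`, the helper never interprets `$(...)`, backquotes or variables, so a path containing them reaches `open()` as a literal file name.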