From: Stefan Sperling Subject: Re: dial fix for git-shell To: Omar Polo Cc: gameoftrees@openbsd.org Date: Wed, 8 Mar 2023 16:54:57 +0100 On Wed, Mar 08, 2023 at 04:01:20PM +0100, Omar Polo wrote: > do we really need to quote all these characters? Since we're wrapping > everything in _single_ quotes I thought we only needed to quote \ and > the single quote itself. I don't know. Are there rules in POSIX we can refer to? I took the quoting rules from /usr/bin/locale. I presume it makes it safe to run `eval` on locale's output (though I'd have to ask guenther@ for specifics). In any case, given that the remote server might be spawning a regular unix shell I think it makes sense to quote this argument by default, such that a bad path argument accidentally produced by some script will not cause problems. (Disregarding people trying to play jokes by removing this safe-guard and sending garbage on purpose, then it becomes a server-side problem). In case of gotsh/gotd we don't care, and we also don't really care whether any of these characters work in a gotd.conf repository path. Some of them probably won't ever work because of parse.y limitations? One problem could be that someone out there is using some characters in a path (perhaps ~ could appear somehwere) and someone else wants to use 'got clone' with the resulting URL. In that case they can always use Git as a workaround, or we can adjust our quoting as such problems get uncovered. Should we provide an option to turn the quoting off, just in case? > Then I took a look at git: in quote.c:sq_quote_buf quotes ' and ! > which I find admittedly confusing. it is the function used in > connect.c:git_connect to prepare the ssh connection. No idea. Even just the single-quote requirement of git-shell is silly to begin with. git-shell should be doing its own escaping, assuming arbitrary input, not require the input to be already quoted somehow.