From patchwork Thu Oct 9 17:57:03 2014 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Peter Foley X-Patchwork-Id: 5060171 Return-Path: X-Original-To: patchwork-linux-kbuild@patchwork.kernel.org Delivered-To: patchwork-parsemail@patchwork1.web.kernel.org Received: from mail.kernel.org (mail.kernel.org [198.145.19.201]) by patchwork1.web.kernel.org (Postfix) with ESMTP id E7D129F349 for ; Thu, 9 Oct 2014 17:57:34 +0000 (UTC) Received: from mail.kernel.org (localhost [127.0.0.1]) by mail.kernel.org (Postfix) with ESMTP id 1744E201F2 for ; Thu, 9 Oct 2014 17:57:34 +0000 (UTC) Received: from vger.kernel.org (vger.kernel.org [209.132.180.67]) by mail.kernel.org (Postfix) with ESMTP id D56E02015D for ; Thu, 9 Oct 2014 17:57:32 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S1751060AbaJIR5b (ORCPT ); Thu, 9 Oct 2014 13:57:31 -0400 Received: from mail-qa0-f50.google.com ([209.85.216.50]:48254 "EHLO mail-qa0-f50.google.com" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S1751006AbaJIR5a (ORCPT ); Thu, 9 Oct 2014 13:57:30 -0400 Received: by mail-qa0-f50.google.com with SMTP id w8so536501qac.37 for ; Thu, 09 Oct 2014 10:57:29 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=pefoley.com; s=google; h=from:to:cc:subject:date:message-id; bh=mfJM59DYTUGt23mdlO09Lp7/PWBWsP7nSAOXAEwa9Dk=; b=a6JD3Mx7glvLK22EKuD46hM0bN58748RulOZwFSj5MxfuEGs0TjtZSY1KmPiRF0P5e BxJ8ly7wSG+ShmwqMaz1wWskuda3nkVFpo1lb01a8n1JgEtnrcKBauQZxpQSlrgiNqQu daho8Dr0xXPDHubRIylh2su02AX5ELGfK8KH0= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:from:to:cc:subject:date:message-id; bh=mfJM59DYTUGt23mdlO09Lp7/PWBWsP7nSAOXAEwa9Dk=; b=mFjAGPJAacbetVdBnSdq3LH4VBThC9fpIGnJXwy4FO2/IhkfpQ8WpVI1kpsc17zjxM 6/OGVGq8oGL6/OeG8b9zPWxIlbuj381oSA+os0AIei1oBPe1ZDkbGDS/kuTz8yRQ+XGr LTzIAjwJopE4HOvhejld8ioysOy+nqYeJ8a9/Zfv8bJPXB5XT12F7vd/2BA0y+OWB5Ab Ht7/GQcFiNxeNk5miI7/6y0dbiq3guu5sF+970i9jaevNqcgdBONqR4zoH5+EeZcbj83 WW6Jf79y912k9SIN5sLm3f584yVh2UmbAtTnS2mfpmYiRJODrnzZSFq0/S7hu7zVA5i0 R4YQ== X-Gm-Message-State: ALoCoQmzuskq0Z5GOzwC5z5Tlnj6J9fkpONyh9yRYdFTDEkoFuI19PyxoLiRhYn2Yva0PwdvMW/O X-Received: by 10.224.60.129 with SMTP id p1mr25063979qah.99.1412877449645; Thu, 09 Oct 2014 10:57:29 -0700 (PDT) Received: from bronx.local.pefoley.com (pool-72-66-106-127.washdc.fios.verizon.net. [72.66.106.127]) by mx.google.com with ESMTPSA id u34sm2944419qge.18.2014.10.09.10.57.24 for (version=TLSv1.2 cipher=ECDHE-RSA-AES128-SHA bits=128/128); Thu, 09 Oct 2014 10:57:25 -0700 (PDT) From: Peter Foley To: linux-kernel@vger.kernel.org Cc: foxwilson123@gmail.com, mmarek@suse.cz, fbuihuu@gmail.com, linux-kbuild@vger.kernel.org, Peter Foley Subject: [PATCH] scripts: don't source auto.conf for LOCALVERSION Date: Thu, 9 Oct 2014 13:57:03 -0400 Message-Id: <1412877423-19843-1-git-send-email-pefoley2@pefoley.com> X-Mailer: git-send-email 2.1.2 Sender: linux-kbuild-owner@vger.kernel.org Precedence: bulk List-ID: X-Mailing-List: linux-kbuild@vger.kernel.org X-Spam-Status: No, score=-6.8 required=5.0 tests=BAYES_00,DKIM_SIGNED, RCVD_IN_DNSWL_HI,T_DKIM_INVALID,T_RP_MATCHES_RCVD,UNPARSEABLE_RELAY autolearn=ham version=3.3.1 X-Spam-Checker-Version: SpamAssassin 3.3.1 (2010-03-16) on mail.kernel.org X-Virus-Scanned: ClamAV using ClamSMTP setlocalversion currently sources auto.conf to get a value for CONFIG_LOCALVERSION. This interprets auto.conf as a bash script, causing CONFIG_LOCALVERSION="`rm -rf --no-preserve-root /`" to actually execute the command inside the backticks when setlocalversion is called. While the possibility of something like this happening is remote, use sed to avoid potential harm from untrusted .config files. Reported-by: Fox Wilson Signed-off-by: Peter Foley --- scripts/setlocalversion | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/scripts/setlocalversion b/scripts/setlocalversion index 63d91e2..5b00123 100755 --- a/scripts/setlocalversion +++ b/scripts/setlocalversion @@ -141,7 +141,7 @@ if $scm_only; then fi if test -e include/config/auto.conf; then - . include/config/auto.conf + CONFIG_LOCALVERSION=$(sed -n 's/CONFIG_LOCALVERSION="\(.*\)"/\1/p' include/config/auto.conf) else echo "Error: kernelrelease not valid - run 'make prepare' to update it" exit 1