movefasta/nixpkgs
0
0
Fork 0
mirror of https://github.com/NixOS/nixpkgs.git synced 2025-07-14 06:00:33 +03:00
Code Activity

nixos/grub-install: don't rely on shell to run commands

Browse source 
data passed to these programs might be accidentially interpreted as
shell. Discovered in https://github.com/Mic92/envfs/issues/111
This commit is contained in:
Jörg Thalheim 2023-03-27 19:18:00 +02:00
parent 9d7912fff3
commit 5a23a24ba2
1 changed files with 6 additions and 7 deletions
Download patch file Download diff file Expand all files Collapse all files

13
nixos/modules/system/boot/loader/grub/install-grub.pl
View file

@ -47,10 +47,9 @@ sub writeFile {
} }
sub runCommand { sub runCommand {
my ($cmd) = @_; open(my $fh, "-|", @_) or die "Failed to execute: $@_\n";
open FILE, "$cmd 2>/dev/null |" or die "Failed to execute: $cmd\n"; my @ret = $fh->getlines();
my @ret = <FILE>; close $fh;
close FILE;
return ($?, @ret); return ($?, @ret);
} }
@ -200,7 +199,7 @@ sub GrubFs {
$search = $types{$fsIdentifier} . ' '; $search = $types{$fsIdentifier} . ' ';
# Based on the type pull in the identifier from the system # Based on the type pull in the identifier from the system
my ($status, @devInfo) = runCommand("@utillinux@/bin/blkid -o export @{[$fs->device]}"); my ($status, @devInfo) = runCommand("@utillinux@/bin/blkid", "-o", "export", @{[$fs->device]});
if ($status != 0) { if ($status != 0) {
die "Failed to get blkid info (returned $status) for @{[$fs->mount]} on @{[$fs->device]}"; die "Failed to get blkid info (returned $status) for @{[$fs->mount]} on @{[$fs->device]}";
} }
@ -213,7 +212,7 @@ sub GrubFs {
# BTRFS is a special case in that we need to fix the referrenced path based on subvolumes # BTRFS is a special case in that we need to fix the referrenced path based on subvolumes
if ($fs->type eq 'btrfs') { if ($fs->type eq 'btrfs') {
my ($status, @id_info) = runCommand("@btrfsprogs@/bin/btrfs subvol show @{[$fs->mount]}"); my ($status, @id_info) = runCommand("@btrfsprogs@/bin/btrfs", "subvol", "show", @{[$fs->mount]});
if ($status != 0) { if ($status != 0) {
die "Failed to retrieve subvolume info for @{[$fs->mount]}\n"; die "Failed to retrieve subvolume info for @{[$fs->mount]}\n";
} }
@ -221,7 +220,7 @@ sub GrubFs {
if ($#ids > 0) { if ($#ids > 0) {
die "Btrfs subvol name for @{[$fs->device]} listed multiple times in mount\n" die "Btrfs subvol name for @{[$fs->device]} listed multiple times in mount\n"
} elsif ($#ids == 0) { } elsif ($#ids == 0) {
my ($status, @path_info) = runCommand("@btrfsprogs@/bin/btrfs subvol list @{[$fs->mount]}"); my ($status, @path_info) = runCommand("@btrfsprogs@/bin/btrfs", "subvol", "list", @{[$fs->mount]});
if ($status != 0) { if ($status != 0) {
die "Failed to find @{[$fs->mount]} subvolume id from btrfs\n"; die "Failed to find @{[$fs->mount]} subvolume id from btrfs\n";
} }