[GHC] #8802: createProcess implictlitly escapes and quotes command line parameters
GHC
ghc-devs at haskell.org
Thu Feb 20 10:30:12 UTC 2014
#8802: createProcess implictlitly escapes and quotes command line parameters
--------------------------------------+------------------------------------
Reporter: jstolarek | Owner:
Type: bug | Status: closed
Priority: high | Milestone: 7.8.1
Component: libraries/process | Version: 7.9
Resolution: invalid | Keywords:
Operating System: Linux | Architecture: Unknown/Multiple
Type of failure: Runtime crash | Difficulty: Unknown
Test Case: | Blocked By:
Blocking: | Related Tickets:
--------------------------------------+------------------------------------
Changes (by nomeata):
* status: new => closed
* resolution: => invalid
Comment:
Well, if you check where `translate` is being used: It is only used on
Windows (and on Linux when ''showing'' the command).
In your example you are using `proc`, where the main feature is precisely
that it is ''not'' being passed through the shell. This is important: With
`proc` it is safe to call `proc "echo" [possibly_malicous_string]`. So it
is correct behaviour that you cannot used shell features with `proc`. Any
security-aware code should only use `proc` or be very careful when using
`shell`.
If you want shell features, use `shell` instead of `proc`.
--
Ticket URL: <http://ghc.haskell.org/trac/ghc/ticket/8802#comment:6>
GHC <http://www.haskell.org/ghc/>
The Glasgow Haskell Compiler
More information about the ghc-tickets
mailing list