Open Neo-Oli opened 7 years ago
Thanks for the report! That sounds like a reasonable change.
@Neo-Oli Hmm, it's fairly common to hard-code well known paths like /bin/sh
, especially when you want to reduce the chances of running arbitrary executables. Is Termux really expecting all software that gets run in that environment to have to change? There are over 200,000 matches for /bin/sh
on Debian's code search.
@jamessan Those 200'000 matches are mostly shebangs, which can be easily dealt with (termux-fix-shebang
in Termux). The problem is when /bin/sh
or similar gets executed directly from the script. Also this is not a Problem of Termux. It's a problem of Android. Android doesn't have a /bin/
directory (It has /system/bin/
). So code like this can't run on Android. But it's not just Termux that this problem occurs on. All Prefixed systems, like Gentoo Prefix, likely suffer from the same problem. That's why most modern software tries to avoid hard-coding paths.
Checking if /bin/sh
is executable is a good idea anyway, since the error messages it gives lead one to conclude that gpg is somehow broken. I implore you to at least use the sh
that's in the $PATH if /bin/sh
is not executable.
That's why most modern software tries to avoid hard-coding paths.
I get that, but there are trade-offs to that choice. Allowing any arbitrary executable in $PATH
which happens to be named sh
to run increases the potential risk of exposing the user's sensitive information. Although, I guess that argument doesn't really hold water given that the plugin is not using a qualified path for gpg itself.
Checking if /bin/sh is executable is a good idea anyway, since the error messages it gives lead one to conclude that gpg is somehow broken.
Completely agree with this point.
I'm trying to get this to run on Termux.
/bin/sh
doesn't exist on this system. I had to change Line 361 tolet s:shell = 'sh'
to get it to work. Perhaps this should be the default, or at least be a fallback if/bin/sh
doesn't exist