diff options
author | Florent Villard <warly@mandriva.com> | 2006-10-17 13:53:27 +0000 |
---|---|---|
committer | Florent Villard <warly@mandriva.com> | 2006-10-17 13:53:27 +0000 |
commit | 8a9d567022791fc58c2142701516a6c6f48e42d8 (patch) | |
tree | d235c43486f3cdd2200d99b18e9475709a971202 /bin/youri-submit-restricted.in | |
parent | c4d64863270bc02078bb4d9a0d7e9fdadca51c0f (diff) | |
download | mga-youri-submit-8a9d567022791fc58c2142701516a6c6f48e42d8.tar mga-youri-submit-8a9d567022791fc58c2142701516a6c6f48e42d8.tar.gz mga-youri-submit-8a9d567022791fc58c2142701516a6c6f48e42d8.tar.bz2 mga-youri-submit-8a9d567022791fc58c2142701516a6c6f48e42d8.tar.xz mga-youri-submit-8a9d567022791fc58c2142701516a6c6f48e42d8.zip |
merge with upstream
Diffstat (limited to 'bin/youri-submit-restricted.in')
-rwxr-xr-x | bin/youri-submit-restricted.in | 64 |
1 files changed, 64 insertions, 0 deletions
diff --git a/bin/youri-submit-restricted.in b/bin/youri-submit-restricted.in new file mode 100755 index 0000000..d28ba84 --- /dev/null +++ b/bin/youri-submit-restricted.in @@ -0,0 +1,64 @@ +#!/usr/bin/perl -T + +=head1 NAME + +youri-submit-restricted - filtering wrapper over youri-submit + +=head1 VERSION + +Version 1.0 + +=head1 SYNOPSIS + +youri-submit-restricted [options] <target> <files> + +=head1 DESCRIPTION + +youri-submit-restricted is just a filtering wrapper over youri-submit, intended +to be used in collaborative work to sanitize environment and options before +calling it. + +=head1 SEE ALSO + +youri-submit(1) + +=head1 COPYRIGHT AND LICENSE + +Copyright (C) 2002-2006, YOURI project + +This program is free software; you can redistribute it and/or modify it under the same terms as Perl itself. + +=cut + +use strict; +use warnings; + +my $prog = '@bindir@/youri-submit'; +my @prohibited_options = qw/--config --skip-check --skip-action/; +my %prohibited_options = map { $_ => 1 } @prohibited_options; +my @prohibited_envvars = qw/ + ENV BASH_ENV IFS CDPATH + PERLLIB PERL5LIB PERL5OPT PERLIO + PERLIO_DEBUG PERL5DB PERL_ENCODING + PERL_HASH_SEED PERL_SIGNALS PERL_UNICODE +/; + +my @options; +while (my $arg = shift @ARGV) { + if ($prohibited_options{$arg}) { + # drop prohibited options + print STDERR "prohibited option $arg, skipping\n"; + shift @ARGV; + } else { + # untaint everything else + $arg =~ /(.*)/; + push(@options, $1); + } +} + +# secure ENV +$ENV{PATH} = "/sbin:/usr/sbin:/bin:/usr/bin:/usr/X11R6/bin"; +delete $ENV{$_} foreach @prohibited_envvars; + +# call wrapped program +system($prog, @options); |