New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Debian Package setup fails if the setup password contains spaces #6918

Open
gohrner opened this Issue Sep 2, 2018 · 1 comment

Comments

2 participants
@gohrner

gohrner commented Sep 2, 2018

Installing the tine20 Debian Package always failed on my system, even after unsetting the LANG variable.

/var/lib/dpkg/info/tine20.postinst: 58: [: pJBBCGS9: unexpected operator

I had to take a look at the postinst script to understand it was caused by my auto-generated setup password containing spaces...

It's somewhat dangerous to use a completely unquoted password there, and also other special characters in the password may cause script failures / syntax error and whatever.

At least, the password should be quoted everywhere where it's used in the script, but in addition, the password selection dialog should explicitly warn about the password being used in unsafe ways in shell scripts and ask to avoid special characters.

A user won't try to perform code injections on her/his own server, of course, but inadvertedly using "wrong" characters in ones password really happens easily.

@pschuele

This comment has been minimized.

Show comment
Hide comment
@pschuele

pschuele Sep 3, 2018

Member

that's true, thanks for opening the issue. I'll have a look.

Member

pschuele commented Sep 3, 2018

that's true, thanks for opening the issue. I'll have a look.

@pschuele pschuele self-assigned this Sep 3, 2018

@pschuele pschuele added this to To do in Tine 2.0 Development via automation Sep 3, 2018

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment