fscrypt.git/cmd/fscrypt/fscrypt_bash_completion, branch master Go tool for managing Linux filesystem encryption bash_completion: fix command injection and incorrect completions 2022-02-23T20:35:04+00:00 Eric Biggers ebiggers@google.com 2022-02-23T20:35:04+00:00 fa1a1fdbdea65829ce24a6b6f86ce2961e465b02 Mountpoint paths might be untrusted arbitrary strings; the fscrypt bash completion script might need to complete to such strings. Unfortunately, the design of bash completion places some major footguns in the way of doing this correctly and securely: - "compgen -W" expands anything passed to it, so the argument to -W must be single-quoted to avoid an extra level of expansion. - The backslashes needed to escape meta-characters in the completed text aren't added automatically; they must be explicitly added. Note that the completion script for 'umount' used to have these same bugs (https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=892179, https://github.com/util-linux/util-linux/issues/539). Fix these bugs in roughly the same way that 'umount' fixed them. 
Mountpoint paths might be untrusted arbitrary strings; the fscrypt bash
completion script might need to complete to such strings.
Unfortunately, the design of bash completion places some major footguns
in the way of doing this correctly and securely:

   - "compgen -W" expands anything passed to it, so the argument to -W
     must be single-quoted to avoid an extra level of expansion.

   - The backslashes needed to escape meta-characters in the completed
     text aren't added automatically; they must be explicitly added.

Note that the completion script for 'umount' used to have these same
bugs (https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=892179,
https://github.com/util-linux/util-linux/issues/539).

Fix these bugs in roughly the same way that 'umount' fixed them.
bash-completion: add completion script 2020-11-30T21:49:06+00:00 Henry-Joseph Audéoud henry-joseph.audeoud@univ-grenoble-alpes.fr 2020-10-30T10:41:52+00:00 b74cd30fd7b0ebf30ef570f7bfa78dfcd62d80d5