Subject: pkg/20518: pkg_add fails when path to file includes whitespace
To: None <email@example.com>
From: None <firstname.lastname@example.org>
Date: 02/27/2003 19:16:43
>Synopsis: pkg_add fails when path to file includes whitespace
>Arrival-Date: Thu Feb 27 19:17:00 PST 2003
>Originator: Darren Reed
>Release: NetBSD 1.6
pkg_add fails to work when the path to the package contains a space.
mkdir "new dir"
mv tcsh-6.12.00.tgz "new dir"
pkg_add "./new dir/tcsh-6.12.00.tgz"
/usr/bin/tar: can't open archive ./new : No such file or directory
This suggests that tar is being called in an unsafe manner from within
pkg_add, along with other commands ?
This probably needs to be a fork/execl instead of using system so that
there's no shell interpreting or parsing of the filename.
Suggest replace system() with execl()