>Number:         20518
>Category:       pkg
>Synopsis:       pkg_add fails when path to file includes whitespace
>Confidential:   no
>Severity:       serious
>Priority:       high
>Responsible:    pkg-manager
>State:          open
>Class:          sw-bug
>Submitter-Id:   net
>Arrival-Date:   Thu Feb 27 19:17:00 PST 2003
>Closed-Date:
>Last-Modified:
>Originator:     Darren Reed
>Release:        NetBSD 1.6
>Organization:
>Environment:
>Description:
pkg_add fails to work when the path to the package contains a space.
e.g.
cd /tmp
mkdir "new dir"
mv tcsh-6.12.00.tgz "new dir"
pkg_add "./new dir/tcsh-6.12.00.tgz"
/usr/bin/tar: can't open archive ./new : No such file or directory
...

This suggests that tar is being called in an unsafe manner from within
pkg_add, along with other commands ?
This probably needs to be a fork/execl instead of using system so that
there's no shell interpreting or parsing of the filename.

>How-To-Repeat:
see description.

>Fix:
Suggest replace system() with execl()
>Release-Note:
>Audit-Trail:
>Unformatted: