Well, if you check where translate is being used: It is only used on Windows
Hm... looks like you're right. In that case which part of the code quotes parameters to proc? Because this clearly is performed at some
With proc it is safe to call proc "echo" [possibly_malicous_string]
I don't understand this. Could you give example of how
#8802: createProcess implictlitly escapes and quotes command line parameters --------------------------------------+------------------------------------ Reporter: jstolarek | Owner: Type: bug | Status: closed Priority: high | Milestone: 7.8.1 Component: libraries/process | Version: 7.9 Resolution: invalid | Keywords: Operating System: Linux | Architecture: Unknown/Multiple Type of failure: Runtime crash | Difficulty: Unknown Test Case: | Blocked By: Blocking: | Related Tickets: --------------------------------------+------------------------------------ Comment (by nomeata): point. No, they are not escaped and they need not to be; they are put in separate strings and passed to `execve`. Escaping is only required if you use the shell to execute the program – if you don’t use the shell, no escaping is required. possibly_malicous_string could be dangerous (assuming characters are not escaped)? {{{ possibly_malicous_string = "$(rm -rf /)" }}}
If you want shell features, use shell instead of proc
Problem with shell is that it runs sh shell, not bash. Replacing proc with shell in my example code gives:
/bin/sh: -c: line 0: syntax error near unexpected token `(' /bin/sh: -c: line 0: `diff <(echo $FOO) <(echo $BAR)'
Well, if you want a different shell than your system default, I guess you need to invoke it explicitly: {{{ proc "bash" ["-c", some_bash_script] }}}
I don't think this ticket should be closed - this is at least a documentation bug.
I wouldn’t call it a bug; the semantics of `proc` vs. `shell` are quite standard and expected, at least with some background in Unix systems assumed. But of course there is always room for improvement. Any suggestions? Maybe “Because the command is executed directly, and not via a shell, the arguments do not need to be escaped, but you cannot use shell features like output redirection”? -- Ticket URL: http://ghc.haskell.org/trac/ghc/ticket/8802#comment:8 GHC http://www.haskell.org/ghc/ The Glasgow Haskell Compiler