Properly escape systemd environment options. #22214

Closed

@kevincox kevincox commented Jan 27, 2017

Using toJSON on a string value works because the allowed JSON escape
sequences are almost a subset of the systemd allowed escape sequences.
The only exception is \/ which JSON allows but systemd doesn't.
Luckily this sequence isn't required and toJSON doesn't produce it, making
the result valid for systemd consumption.

Examples of things that this fixes are environment variables with double
quotes or newlines.

Things done
  • Tested using sandboxing
    (nix.useSandbox on NixOS,
    or option build-use-sandbox in nix.conf
    on non-NixOS)
  • Built on platform(s)
    • NixOS
    • macOS
    • Linux
  • Tested compilation of all pkgs that depend on this change using nix-shell -p nox --run "nox-review wip"

@kevincox kevincox added 0.kind: regression Something that worked before working no longer 1.severity: security labels Jan 27, 2017
@kevincox kevincox self-assigned this Jan 27, 2017
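
The escaping argument in the pull request description above, as an added example (not code from the pull request or from NixOS). Python's `json.dumps` stands in for Nix's `toJSON` on the assumption that both emit the same escapes, and `parse_env` is a simplified, hypothetical model that accepts exactly one double-quoted `Environment=` word per line; it is not systemd's parser and does not reproduce how systemd would split a malformed line. All names and sample values are constructed.

```python
import json
# Escapes this simplified model accepts (an assumption); "\/" is deliberately absent.
SIMPLE = {"a": "\a", "b": "\b", "f": "\f", "n": "\n", "r": "\r", "t": "\t",
          "v": "\v", "\\": "\\", '"': '"', "'": "'", "s": " "}

def encode_env(name, value):
    """JSON-escape NAME=value; json.dumps stands in for Nix's toJSON."""
    return "Environment=" + json.dumps(f"{name}={value}", ensure_ascii=False)

def naive_env(name, value):
    """Unescaped form: wrap the assignment in double quotes as-is."""
    return f'Environment="{name}={value}"'

def parse_env(line):
    """Return NAME=value from one unit-file line, or raise ValueError."""
    if "\n" in line:
        raise ValueError("raw newline ends the directive early")
    key, _, rest = line.partition("=")
    if key != "Environment" or not rest.startswith('"'):
        raise ValueError("expected Environment=\"...\"")
    out, i = [], 1
    while i < len(rest):
        c = rest[i]
        if c == '"':  # the closing quote must be the last character
            if i != len(rest) - 1:
                raise ValueError("text after closing quote")
            return "".join(out)
        if c == "\\":
            e = rest[i + 1:i + 2]
            digits = rest[i + 2:i + 6]
            if e == "u" and len(digits) == 4:  # \uXXXX, used for control chars
                out.append(chr(int(digits, 16)))
                i += 6
            elif e in SIMPLE:
                out.append(SIMPLE[e])
                i += 2
            else:
                raise ValueError(f"unsupported escape \\{e}")
        else:
            out.append(c)
            i += 1
    raise ValueError("unterminated quote")

def roundtrips(line, name, value):
    """True when the line parses back to exactly NAME=value."""
    try:
        return parse_env(line) == f"{name}={value}"
    except ValueError:
        return False
```
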
@mention-bot

@kevincox, thanks for your PR! By analyzing the history of the files in this pull request, we identified @edolstra, @ericsagnes and @bluescreen303 to be potential reviewers.

@kevincox kevincox removed 0.kind: regression Something that worked before working no longer 1.severity: security labels Jan 27, 2017
@cstrahan

(If you get a message about me messing with your description, sorry about that -- accidentally clicked on one of those check marks)

Using toJSON on a string value works because the allowed JSON escape
sequences are almost a subset of the systemd allowed escape sequences.
The only exception is `\/` which JSON allows but systemd doesn't.
Luckily this sequence isn't required and toJSON doesn't produce it, making
the result valid for systemd consumption.

Examples of things that this fixes are environment variables with double
quotes or newlines.

grahamc commented Feb 21, 2017

Merged in da33c8a, thank you!

@grahamc grahamc closed this Feb 21, 2017
@kevincox kevincox deleted the env-quotes branch September 20, 2023 12:14