Re: [hackers] [dmenu][PATCH] Replace dmenu_run shell with executed application

From: Platon Ryzhikov <ihummer63_AT_yandex.ru>
Date: Sun, 10 Feb 2019 15:49:38 +0300

How about the following then:
#!/bin/sh
${SHELL:-"/bin/sh"} -c "$(dmenu_path | dmenu "$_AT_") & exit"

This doesn't keep shell in processes but at the same time allows to run scripts

10.02.2019, 14:40, "Hiltjo Posthuma" <hiltjo_AT_codemadness.org>:
> On Sun, Feb 10, 2019 at 11:40:06AM +0100, Leonardo Taccari wrote:
>>  Hello Nick,
>>
>>  Nick writes:
>>  > [...]
>>  > Ignore if you're too busy, but why is this considered bad practise?
>>  > Is there some case of possible shell escaping or something I'm
>>  > failing to see? I just ask for my own education.
>>  >
>>
>>  (I have no idea if this was original rationale about why not applying
>>  this patch but I will try to share why it can be problematic in
>>  some cases IME.)
>>
>>  According dmenu(1) man page:
>>
>>  > dmenu_run is a script used by dwm(1) which lists programs in the user's
>>  > $PATH and runs the result in their $SHELL.
>>
>>  by using `exec' this is no longer true.
>>
>>  The user's $SHELL is no longer used and what can be typed in
>>  `dmenu_run' is now restricted, (I don't know how usual is but
>>  sometimes I use `|' and other shell commands in dmenu_run).
>
> Exactly this.
>
> It works like this since atleast 2011 (commit
> 56a0d1fa14de915419c037ac2604fe5c5b1fe4a3). If you dig in the git history you
> can see we've had most possible combinations already.
>
> --
> Kind regards,
> Hiltjo
Received on Sun Feb 10 2019 - 13:49:38 CET