Re: [PATCH] kconfig: place git SHA1 in .config output if in SCM

From: Linus Torvalds
Date: Tue Mar 02 2010 - 20:30:55 EST

On Tue, 2 Mar 2010, Paul E. McKenney wrote:
> + env = getenv(SRCTREE);
> + if (env) {
> + sprintf(cmdline,
> + "%s/scripts/setlocalversion %s 2> /dev/null",
> + env, env);
> + slv = popen(cmdline, "r");

I suspect this does various bad things if there are spaces or special
characters in $SRCTREE.

It would be a lot safer to uses fork/execve rather than something
that interprets a shell command line.

Of course, I didn't check that all our old users of SRCTREE are safe
either, but at least docproc.c (the one I _did_ check) uses 'execvp()' and
'fopen()' that both take real filenames, not a shell string.

To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at
Please read the FAQ at