[Scons-users] Bash + os.environ is an evil

[Pawel Tomulik]

W dniu 04.04.2014 17:13, Gary Oberbrunner pisze:

> On Fri, Apr 4, 2014 at 9:45 AM, Paweł Tomulik <ptomulik at meil.pw.edu.pl

> <mailto:ptomulik at meil.pw.edu.pl>> wrote:

>

>     Not really a question, just want to share my today's experience.

>

>     This code

>

>     import os

>     env = Environment(ENV = os.environ)

>

>     can cause real headache. Especially if SCons is started under bash.

>

>     It appears, that os.environ may contain bash functions, for example:

>

>     {  'module' : "() { eval `/usr/bin/modulecmd bash \$*`\n}", ... }

>

>     The effect is, that SCons executes these functions occasionally when

>     executing its actions, especially when configuring with SConf.

>

>     ...

>

>

> Hi Paweł; that's the first I've ever heard of shell functions going into

> the shell environment, but I can see it's possible.  They are just

> strings of course, but some shells may treat them specially.

>

> However, SCons should NEVER execute those!  It should treat all

> os.environ pairs as simple key:value pairs.  Perhaps you mean that when

> you export this environment to a subshell and the subshell tries to exec

> 'module', _it_ executes the offending shell function?  That of course

> would be possible (though amazingly annoying IMHO, unless someone was

> depending on it).

>


Here is a minimal example for SCons 2.3.0:

env = Environment()
env['ENV']['foo'] = '() { eval `echo just executed >&2`\n}'
cfg = env.Configure()
cfg.TryCompile("int main() { return 0; }", ".c")
env = cfg.Finish()


Run it with:

rm -rf .scon* && scons -Q && cat config.log

Regards!
-- 
Paweł Tomulik