[GNC-dev] Perl SheBang
John Ralls
jralls at ceridwen.us
Mon Feb 4 10:32:38 EST 2019
> On Feb 4, 2019, at 1:27 AM, Alain D D Williams <addw at phcomp.co.uk> wrote:
>
> On Mon, Feb 04, 2019 at 10:23:46AM +0100, Frank H. Ellenberger wrote:
>>
>>
>> Am 04.02.19 um 09:40 schrieb Christian Stimming:
>>> Thanks for the pointer. I've copied this script into our git at
>>> ./util/obfuscate.pl
>>
>> While for most gnc-fq-* scripts we us
>> #!@-PERL-@
>> and adjust them while building.
>>
>> In utils all perl scripts are hardcoded to
>> #! /usr/bin/perl
>> Wouldn't it make sense to have them also configurable?
No, because gnc-fq-* are build products and util/*.pl are build tools. Since obfuscate.pl isn't a build tool it doesn't belong in util; if we're going to distribute it for users (and if we're not why put it in the repo at all?) then it needs to go somewhere Cmake can find it and install it to $CMAKE_INSTALL_PREFIX/bin or libexec and it needs to be renamed to "gnc-xml-obfuscate".
>
> How about going:
>
> #! /usr/bin/env perl
That's widely regarded as a security hole, though it's also widely used. Since it's trivial to override the shebang by calling the perl of your choice and passing the script as $1 it's kind of pointless.
While we're on the topic of shebangs remember that they don't work on Windows. Remember too that running this obfuscate script on Windows will require the user to install perl. They might already have done so for Finance::Quote, but lots of users don't use F::Q.
Regards,
John Ralls
More information about the gnucash-devel
mailing list