summaryrefslogtreecommitdiff
path: root/deb-view.el
diff options
context:
space:
mode:
authorDavid Bremner <david@tethera.net>2018-10-20 11:46:18 -0300
committerDavid Bremner <david@tethera.net>2018-10-20 11:48:28 -0300
commitd86e33ed87d7e605d23ab504e71cbfec051e907b (patch)
tree63d8971066671d8adf361c6ab39c59be53743da1 /deb-view.el
parent407f1c6b256ed4273f2adc7bf6cf4a737a1e9fdd (diff)
drop use of shell-file-name in call-process
Using the shell to exec commands introduces various security problems.
Diffstat (limited to 'deb-view.el')
-rw-r--r--deb-view.el12
1 files changed, 4 insertions, 8 deletions
diff --git a/deb-view.el b/deb-view.el
index f453f56..2cd2830 100644
--- a/deb-view.el
+++ b/deb-view.el
@@ -359,8 +359,7 @@ at the prompt."
(save-excursion
(set-buffer file-buffer)
(erase-buffer)
- (call-process shell-file-name nil t nil shell-command-switch
- (concat "file " debfile))
+ (call-process "file" nil '(t t) debfile)
(goto-char 1)
(if (string-match "archive" (buffer-string))
t
@@ -373,8 +372,7 @@ at the prompt."
(cond
(new-archive-format
;; New deb format (archive)
- (call-process shell-file-name nil t nil shell-command-switch
- (concat "dpkg-deb --ctrl-tarfile " debfile))
+ (call-process "dpkg-deb" nil '(t t) nil "--ctrl-tarfile" debfile)
(goto-char 1)
(setq buffer-file-name (concat deb-view-file-name "-INFO"))
(if (fboundp 'set-buffer-multibyte) (set-buffer-multibyte nil))
@@ -392,8 +390,7 @@ at the prompt."
(t
;; Old deb format
(message "deb-view old dpkg binary format")
- (call-process shell-file-name nil t nil shell-command-switch
- (concat "dpkg-deb -I " debfile))
+ (call-process "dpkg-deb" nil '(t t) nil "-I" debfile)
(setq buffer-read-only t)
(set-buffer-modified-p nil)
(goto-char 1)
@@ -439,8 +436,7 @@ at the prompt."
(error "%s: Not a valid package file" deb-view-buffer-name))
(call-process-region (point-min) (point-max) "xz" t t nil "-cd"))))
(t
- (call-process shell-file-name nil t nil shell-command-switch
- (concat "dpkg-deb --fsys-tarfile " debfile))))
+ (call-process "dpkg-deb" '(t t) nil "--fsys-tarfile " debfile)))
(goto-char 1)
(setq buffer-file-name (concat deb-view-file-name "-DATA"))
(if (fboundp 'set-buffer-multibyte) (set-buffer-multibyte nil))