tjh.dev / kernel
Linux kernel mirror (for testing) git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
kernel os linux
1
fork

Configure Feed

Select the types of activity you want to include in your feed.

docs: kernel_feat.py: fix potential command injection

The kernel-feat directive passes its argument straight to the shell.
This is unfortunate and unnecessary.

Let's always use paths relative to $srctree/Documentation/ and use
subprocess.check_call() instead of subprocess.Popen(shell=True).

This also makes the code shorter.

This is analogous to commit 3231dd586277 ("docs: kernel_abi.py: fix
command injection") where we did exactly the same thing for
kernel_abi.py, somehow I completely missed this one.

Link: https://fosstodon.org/@jani/111676532203641247
Reported-by: Jani Nikula <jani.nikula@intel.com>
Signed-off-by: Vegard Nossum <vegard.nossum@oracle.com>
Cc: stable@vger.kernel.org
Signed-off-by: Jonathan Corbet <corbet@lwn.net>
Link: https://lore.kernel.org/r/20240110174758.3680506-1-vegard.nossum@oracle.com

authored by

Vegard Nossum and committed by
Jonathan Corbet c48a7c44 1f4cac0f

+33 -66
+1 -1
Documentation/admin-guide/features.rst
··· 1 1 .. SPDX-License-Identifier: GPL-2.0 2 2 3 - .. kernel-feat:: $srctree/Documentation/features 3 + .. kernel-feat:: features
+1 -1
Documentation/arch/arc/features.rst
··· 1 1 .. SPDX-License-Identifier: GPL-2.0 2 2 3 - .. kernel-feat:: $srctree/Documentation/features arc 3 + .. kernel-feat:: features arc
+1 -1
Documentation/arch/arm/features.rst
··· 1 1 .. SPDX-License-Identifier: GPL-2.0 2 2 3 - .. kernel-feat:: $srctree/Documentation/features arm 3 + .. kernel-feat:: features arm
+1 -1
Documentation/arch/arm64/features.rst
··· 1 1 .. SPDX-License-Identifier: GPL-2.0 2 2 3 - .. kernel-feat:: $srctree/Documentation/features arm64 3 + .. kernel-feat:: features arm64
+1 -1
Documentation/arch/loongarch/features.rst
··· 1 1 .. SPDX-License-Identifier: GPL-2.0 2 2 3 - .. kernel-feat:: $srctree/Documentation/features loongarch 3 + .. kernel-feat:: features loongarch
+1 -1
Documentation/arch/m68k/features.rst
··· 1 1 .. SPDX-License-Identifier: GPL-2.0 2 2 3 - .. kernel-feat:: $srctree/Documentation/features m68k 3 + .. kernel-feat:: features m68k
+1 -1
Documentation/arch/mips/features.rst
··· 1 1 .. SPDX-License-Identifier: GPL-2.0 2 2 3 - .. kernel-feat:: $srctree/Documentation/features mips 3 + .. kernel-feat:: features mips
+1 -1
Documentation/arch/nios2/features.rst
··· 1 1 .. SPDX-License-Identifier: GPL-2.0 2 2 3 - .. kernel-feat:: $srctree/Documentation/features nios2 3 + .. kernel-feat:: features nios2
+1 -1
Documentation/arch/openrisc/features.rst
··· 1 1 .. SPDX-License-Identifier: GPL-2.0 2 2 3 - .. kernel-feat:: $srctree/Documentation/features openrisc 3 + .. kernel-feat:: features openrisc
+1 -1
Documentation/arch/parisc/features.rst
··· 1 1 .. SPDX-License-Identifier: GPL-2.0 2 2 3 - .. kernel-feat:: $srctree/Documentation/features parisc 3 + .. kernel-feat:: features parisc
+1 -1
Documentation/arch/powerpc/features.rst
··· 1 1 .. SPDX-License-Identifier: GPL-2.0 2 2 3 - .. kernel-feat:: $srctree/Documentation/features powerpc 3 + .. kernel-feat:: features powerpc
+1 -1
Documentation/arch/riscv/features.rst
··· 1 1 .. SPDX-License-Identifier: GPL-2.0 2 2 3 - .. kernel-feat:: $srctree/Documentation/features riscv 3 + .. kernel-feat:: features riscv
+1 -1
Documentation/arch/s390/features.rst
··· 1 1 .. SPDX-License-Identifier: GPL-2.0 2 2 3 - .. kernel-feat:: $srctree/Documentation/features s390 3 + .. kernel-feat:: features s390
+1 -1
Documentation/arch/sh/features.rst
··· 1 1 .. SPDX-License-Identifier: GPL-2.0 2 2 3 - .. kernel-feat:: $srctree/Documentation/features sh 3 + .. kernel-feat:: features sh
+1 -1
Documentation/arch/sparc/features.rst
··· 1 1 .. SPDX-License-Identifier: GPL-2.0 2 2 3 - .. kernel-feat:: $srctree/Documentation/features sparc 3 + .. kernel-feat:: features sparc
+1 -1
Documentation/arch/x86/features.rst
··· 1 1 .. SPDX-License-Identifier: GPL-2.0 2 2 3 - .. kernel-feat:: $srctree/Documentation/features x86 3 + .. kernel-feat:: features x86
+1 -1
Documentation/arch/xtensa/features.rst
··· 1 1 .. SPDX-License-Identifier: GPL-2.0 2 2 3 - .. kernel-feat:: $srctree/Documentation/features xtensa 3 + .. kernel-feat:: features xtensa
+12 -45
Documentation/sphinx/kernel_feat.py
··· 37 37 import subprocess 38 38 import sys 39 39 40 - from os import path 41 - 42 40 from docutils import nodes, statemachine 43 41 from docutils.statemachine import ViewList 44 42 from docutils.parsers.rst import directives, Directive ··· 74 76 self.state.document.settings.env.app.warn(message, prefix="") 75 77 76 78 def run(self): 77 - 78 79 doc = self.state.document 79 80 if not doc.settings.file_insertion_enabled: 80 81 raise self.warning("docutils: file insertion disabled") 81 82 82 83 env = doc.settings.env 83 - cwd = path.dirname(doc.current_source) 84 - cmd = "get_feat.pl rest --enable-fname --dir " 85 - cmd += self.arguments[0] 84 + 85 + srctree = os.path.abspath(os.environ["srctree"]) 86 + 87 + args = [ 88 + os.path.join(srctree, 'scripts/get_feat.pl'), 89 + 'rest', 90 + '--enable-fname', 91 + '--dir', 92 + os.path.join(srctree, 'Documentation', self.arguments[0]), 93 + ] 86 94 87 95 if len(self.arguments) > 1: 88 - cmd += " --arch " + self.arguments[1] 96 + args.extend(['--arch', self.arguments[1]]) 89 97 90 - srctree = path.abspath(os.environ["srctree"]) 91 - 92 - fname = cmd 93 - 94 - # extend PATH with $(srctree)/scripts 95 - path_env = os.pathsep.join([ 96 - srctree + os.sep + "scripts", 97 - os.environ["PATH"] 98 - ]) 99 - shell_env = os.environ.copy() 100 - shell_env["PATH"] = path_env 101 - shell_env["srctree"] = srctree 102 - 103 - lines = self.runCmd(cmd, shell=True, cwd=cwd, env=shell_env) 98 + lines = subprocess.check_output(args, cwd=os.path.dirname(doc.current_source)).decode('utf-8') 104 99 105 100 line_regex = re.compile(r"^\.\. FILE (\S+)$") 106 101 ··· 111 120 112 121 nodeList = self.nestedParse(out_lines, fname) 113 122 return nodeList 114 - 115 - def runCmd(self, cmd, **kwargs): 116 - u"""Run command ``cmd`` and return its stdout as unicode.""" 117 - 118 - try: 119 - proc = subprocess.Popen( 120 - cmd 121 - , stdout = subprocess.PIPE 122 - , stderr = subprocess.PIPE 123 - , **kwargs 124 - ) 125 - out, err = proc.communicate() 126 - 127 - out, err = codecs.decode(out, 'utf-8'), codecs.decode(err, 'utf-8') 128 - 129 - if proc.returncode != 0: 130 - raise self.severe( 131 - u"command '%s' failed with return code %d" 132 - % (cmd, proc.returncode) 133 - ) 134 - except OSError as exc: 135 - raise self.severe(u"problems with '%s' directive: %s." 136 - % (self.name, ErrorString(exc))) 137 - return out 138 123 139 124 def nestedParse(self, lines, fname): 140 125 content = ViewList()
+1 -1
Documentation/translations/zh_CN/arch/loongarch/features.rst
··· 5 5 :Original: Documentation/arch/loongarch/features.rst 6 6 :Translator: Huacai Chen <chenhuacai@loongson.cn> 7 7 8 - .. kernel-feat:: $srctree/Documentation/features loongarch 8 + .. kernel-feat:: features loongarch
+1 -1
Documentation/translations/zh_CN/arch/mips/features.rst
··· 10 10 11 11 .. _cn_features: 12 12 13 - .. kernel-feat:: $srctree/Documentation/features mips 13 + .. kernel-feat:: features mips
+1 -1
Documentation/translations/zh_TW/arch/loongarch/features.rst
··· 5 5 :Original: Documentation/arch/loongarch/features.rst 6 6 :Translator: Huacai Chen <chenhuacai@loongson.cn> 7 7 8 - .. kernel-feat:: $srctree/Documentation/features loongarch 8 + .. kernel-feat:: features loongarch 9 9
+1 -1
Documentation/translations/zh_TW/arch/mips/features.rst
··· 10 10 11 11 .. _tw_features: 12 12 13 - .. kernel-feat:: $srctree/Documentation/features mips 13 + .. kernel-feat:: features mips 14 14