Prevent the commands output of pkg_version.pl from being executed without the

user actually editing the output.  Too many people were rampantly abusing
this feature via "pkg_version -c | sh" without really being cognizant
of the dangers involved (ports upgrade kits) or the fact that it
just plain wasn't designed for it (dependencies).  We'll try to keep
people from shooting themselves in the foot.

Will be MFC-ed to RELENG_4 and RELENG_3 after cooling-off period.

1 files changed, 14 insertions, 0 deletions

diff --git a/usr.sbin/pkg_install/version/pkg_version.pl b/usr.sbin/pkg_install/version/pkg_version.pl
index 633e107..3a57510 100755
--- a/usr.sbin/pkg_install/version/pkg_version.pl
+++ b/usr.sbin/pkg_install/version/pkg_version.pl
@@ -325,6 +325,20 @@ while (<INDEX>) {
 close INDEX;
 
 #
+# If we're doing commands output, cripple the output so that users
+# can't just pipe the output to sh(1) and expect this to work.
+#
+if ($ShowCommandsFlag) {
+    print<<EOF
+echo "The commands output of pkg_version cannot be executed without editing."
+echo "You MUST save this output to a file and then edit it, taking into"
+echo "account package dependencies and the fact that some packages cannot"
+echo "or should not be upgraded." 
+exit 1
+EOF
+}
+
+#
 # Produce reports
 #
 # Prior versions of pkg_version used commas (",") as delimiters