wsdd: Securely parse the workgroup name

Because of a single variable being passwd with the workgroup, it would
have been possible to inject shell commands here. Passing it in the
array prevents that.

Signed-off-by: Daniel Weismüller <daniel.weismueller@ipfire.org>

diff --git a/src/initscripts/packages/wsdd b/src/initscripts/packages/wsdd
index b07fe3ace26197e3ddf918b5ad6fec18de936f75..e4ae3d2989dbbb0a33c2184d451e0e30e2e13f1c 100644 (file)
--- a/src/initscripts/packages/wsdd
+++ b/src/initscripts/packages/wsdd
@@ -38,18 +38,20 @@ ARGS=(
 
        # Only use IPv4
        "--ipv4only"
+
+       # Configure the workgroup
+       "--workgroup" "$(testparm -s --parameter-name workgroup 2>/dev/null)"
 )
 
 INTERFACES="--interface ${GREEN_DEV}"
 if [ -n "${BLUE_DEV}" ]; then
         INTERFACES="${INTERFACES} --interface ${BLUE_DEV}"
 fi
-WSDD_WORKGROUP="--workgroup $(/usr/bin/testparm -s --parameter-name workgroup 2>/dev/null)"
 
 case "$1" in
        start)
                boot_mesg "Starting wsdd daemon..."
-               loadproc -b -p "${PIDFILE}" /usr/bin/wsdd "${ARGS[@]}" ${INTERFACES} ${WSDD_WORKGROUP}
+               loadproc -b -p "${PIDFILE}" /usr/bin/wsdd "${ARGS[@]}" ${INTERFACES}
                ;;
 
        stop)