vsh treats `--command="..."` as a shell string. That's fine for a rough/first pass. We should improve it so we can pass argv through sanely.
Proposed change to the vsh UI to make it behave like `sudo`:
vsh [options] [-- [ENV=VAR] [args]]
That means by default, the args are turned directly into an argv and exec-ed. There is no shell indirection. This allows us to very cleanly and precisely run commands with random args inside of the container.
sudo detects an arg as an env var if it has an `=` in it and does no other validation. That means you could pass in "invalid" values like:
sudo 'X_@!()=foo' env | grep ^X_
X_@!()=foo
But it would mean you couldn't run a program directly which has an `=` in it ...
I'd be fine if we wanted to restrict this at first to only allowing POSIX-defined env vars:
http://pubs.opengroup.org/onlinepubs/9699919799/basedefs/V1_chap08.html#tag_08
Environment variable names used by the utilities in the Shell and Utilities volume of POSIX.1-2008 consist solely of uppercase letters, digits, and the <underscore> ( '_' ) from the characters defined in Portable Character Set and do not begin with a digit.
Overall, this means changing the vsh argv parsing slightly, but it would also mean changing the vsh.proto file to pass down an array of strings for the command instead of a plain string.
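As an added illustration of the proposed `vsh [options] [-- [ENV=VAR] [args]]` parsing (example code, not vsh's own): the tokens after `--` are split sudo-style into leading environment assignments and a command argv that would be exec-ed directly, but a name that fails the quoted POSIX rule is rejected instead of being passed through the way sudo does. The option token used in the sample call is a placeholder, not a real vsh flag.

```python
import re

# Name rule as quoted from POSIX in the report (assumed to be applied as a strict
# allow-list): uppercase letters, digits and underscore, not starting with a digit.
POSIX_ENV_NAME = re.compile(r"^[A-Z_][A-Z0-9_]*$")


class ParseError(ValueError):
    """Raised for a token that looks like NAME=VALUE but has an invalid NAME."""


def is_posix_env_name(name):
    return POSIX_ENV_NAME.match(name) is not None


def split_vsh_args(argv):
    """Split `vsh [options] [-- ...]` at the first '--' into (options, tokens)."""
    if "--" in argv:
        sep = argv.index("--")
        return list(argv[:sep]), list(argv[sep + 1:])
    return list(argv), []


def parse_env_and_argv(tokens):
    """sudo-style parse of the tokens after '--'.

    Leading NAME=VALUE tokens become environment assignments; the first token
    without '=' starts the argv that is exec-ed directly (no shell involved).
    Unlike sudo, an invalid NAME is an error rather than silently accepted, so
    a program whose name contains '=' cannot be run directly (the caveat above).
    """
    env = {}
    for i, tok in enumerate(tokens):
        if "=" not in tok:
            return env, list(tokens[i:])
        name, value = tok.split("=", 1)
        if not is_posix_env_name(name):
            raise ParseError("invalid environment variable name: %r" % name)
        env[name] = value
    return env, []  # only assignments (or nothing): caller picks a default shell


def parse_vsh_cmdline(argv):
    """Full parse of a vsh command line: (vsh options, env dict, command argv)."""
    options, tokens = split_vsh_args(argv)
    env, command = parse_env_and_argv(tokens)
    return options, env, command


if __name__ == "__main__":
    # "--placeholder-opt" stands in for whatever real vsh options exist.
    print(parse_vsh_cmdline(["--placeholder-opt", "--", "FOO=bar", "env"]))
    try:
        parse_env_and_argv(["X_@!()=foo", "env"])
    except ParseError as e:
        print("rejected:", e)  # the sudo example from the report is refused here
```

Note that the quoted POSIX rule only admits uppercase names, so under this strict reading a lowercase assignment such as `http_proxy=...` is rejected too; allowing lowercase would be a deliberate loosening of the rule.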
Comment 1 by bugdroid1@chromium.org, Mar 9 2018