pwntools icon indicating copy to clipboard operation
pwntools copied to clipboard
verified publisher icon Gallopsled

Namespace pollution: generic CLI commands installed by default (`main`, `errno`, `update`, etc.)

Open ehaupt opened this issue 5 months ago • 3 comments

I maintain the FreeBSD port of the Python package pwntools. I recently received a report highlighting that pwntools installs a large number of extremely generic CLI commands into $PATH by default (main, version, update, debug, errno, etc.).

Aside from clutter, this leads to direct conflicts. For example, errno conflicts with the errno utility from moreutils. The interfaces aren’t identical, so it isn’t straightforward for users to alias around this without uninstalling one or the other.

I’m aware of and appreciate the existence of the --only-use-pwn-command flag, which I can pass during packaging to install only the pwn command. However, I wanted to raise the possibility of:

  • Making --only-use-pwn-command the default, requiring explicit opt-in for the additional generic aliases.

  • Alternatively, prefixing the CLI aliases (e.g., pwn-main, pwn-update) to reduce namespace conflicts while retaining functionality.

Downstream issue (funny read): https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=287992

ehaupt avatar Jul 04 '25 11:07 ehaupt

Hey 👋 , thanks for your work! There were other reports of those CLI scripts being annoying and we looked into how to clean this up and make it easier to package. We've removed the obvious useless commands (main, update, common, version) and added a deprecation notice to most of the other commands in 4.15.0 except checksec, constgrep, libcdb, phd, pwnstrip, and shellcraft. We plan to remove them in 5.0.0. Would that work for you or would you still require some custom patches before packaging?

How did you specify the --only-use-pwn-command flag to pip? We removed it in 5.0.0 since we couldn't find a way to pass it to pip anymore.

#2361 #2364

peace-maker avatar Jul 04 '25 12:07 peace-maker

Thanks for the detailed update @peace-maker. What you’ve done in 4.15.0 works for me, and removing the remaining deprecated commands in 5.0.0 sounds good from the packaging side.

I agree with the general direction, though I’d suggest considering renaming the remaining scripts with generic names (like checksec → pwnchecksec) to reduce the risk of namespace collisions with other system utilities.

Regarding the --only-use-pwn-command flag: FreeBSD ports currently packages 4.14.1, using a framework macro called PYDISTUTILS_INSTALLARGS. How it passes the argument to pip is handled within the ports framework (details here: https://github.com/freebsd/freebsd-ports/blob/main/Mk/Uses/python.mk), but I understand if maintaining that flag isn’t feasible going forward.

Thanks again for taking the time to clean this up!

ehaupt avatar Jul 04 '25 14:07 ehaupt

except checksec, constgrep, libcdb, phd, pwnstrip, and shellcraft

t'was i, the complainer on FreeBSD bugzilla. i concur; that's the perfect list

thank you @peace-maker for your very timely feedback and open collaboration

fantastic project, fellows. doing God's work, you are

NatUni avatar Jul 05 '25 16:07 NatUni