On Fri, Jan 10, 2025 at 04:09:42PM +0100, Ingo Schwarze wrote:
<SNIP>
> That "do something better" did indeed happen later, specifically,
> three years later. In rev. 1.30 (June 26, 2014), I finally got
> rid of the STDERR trashing at the higher level and instead
> added the ">& /dev/null" to check_csh(). Not adding anything
> to the check_sh() and check_ksh() functions was intentional
> because STDERR trouble had only been observed with csh + tset,
> not with ksh.
>
> Maybe we could also investigate whether things have changed in that
> decade so that we can now make check_csh() more strict, too,
> and change ">& /dev/null" to just "> /dev/null" there.
> But that's a separate question and not for this patch.
>
> Any OKs for the following patch?
This seems OK to me.
Starting a background process that outputs to STDOUT seems like a
strange choice, but since we were planning to throw away any extra
output anyway, why not do it earlier and be more robust.
> Ingo
>
>
> Index: security
> ===================================================================
> RCS file: /cvs/src/libexec/security/security,v
> diff -u -p -r1.45 security
> --- security 10 Jan 2025 10:16:48 -0000 1.45
> +++ security 10 Jan 2025 13:53:12 -0000
> @@ -256,7 +256,8 @@ sub check_sh {
> $umaskset ||= check_umask($filename);
>
> nag !(open my $fh, '-|', qw(/bin/sh -c),
> - ". $filename; echo ENV=\$ENV; echo PATH=\$PATH"),
> + ". $filename > /dev/null; " .
> + "echo ENV=\$ENV; echo PATH=\$PATH"),
> "cannot spawn /bin/sh: $!"
> and next;
> my @output = <$fh>;
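Review bot: The new "> /dev/null" in the check_sh command string carries no comment explaining why only stdout is discarded and stderr is left alone, while the message above says check_csh() uses ">& /dev/null". A one-line comment above the open would help: say that the sourced file's stdout is dropped so that only the ENV= and PATH= lines reach @output, and that stderr is deliberately kept. That would stop a later reader from "fixing" the asymmetry between the shells.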
> @@ -290,7 +291,7 @@ sub check_ksh {
> check_umask($filename);
>
> nag !(open my $fh, '-|', qw(/bin/ksh -c),
> - ". $filename; echo PATH=\$PATH"),
> + ". $filename > /dev/null; echo PATH=\$PATH"),
> "cannot spawn /bin/ksh: $!"
> and next;
> my @output = <$fh>;
>
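Review bot: In the check_ksh command string, $filename is still interpolated unquoted into the text handed to /bin/ksh -c, and it now sits directly in front of a redirection, so a name containing whitespace or shell metacharacters would change what is sourced and what is redirected. These lines do not show how $filename is built. If it is not already constrained, consider passing it as a positional parameter instead of embedding it: single-quoted command text `. "$1" > /dev/null; echo PATH=$PATH`, followed by a $0 placeholder and the file name as separate list elements. The same applies to the check_sh hunk.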
--