Control: tags -1 +patch

Hi!
Here's a fix.  I've used a modified version of bash's approach: let's check
the first line only, but declare any bytes 0..8, 16..26, 28..31, 127 as
non-text.

As dash hasn't seen a maintainer upload in three years, and the effective
freeze date is this Thursday, I'm uploading a DELAYED/2 NMU immediately.
Besides this RC fix, I've picked two other trivial bugs as well; please
shout if you want the upload cancelled or amended.

Patch and proposed NMU diff attached.


Meow!
-- 
Autotools hint: to do a zx-spectrum build on a pdp11 host, type:
  ./configure --host=zx-spectrum --build=pdp11
>From fe901f54d6504076ead29c9447f3abf7a903e9a8 Mon Sep 17 00:00:00 2001
From: Adam Borowski <kilob...@angband.pl>
Date: Tue, 24 Jan 2017 05:11:38 +0100
Subject: [PATCH 1/2] Don't execute binary files if execve() returned ENOEXEC.

Both "dash -c foo" and "./foo" are supposed to be able to run hashbang-less
scripts, but attempts to execute common binary files tend to be nasty:
especially both ELF and PE tend to make dash create a bunch of files with
unprintable names, that in turn confuse some tools up to causing data loss.

Thus, let's read the first line and see if it looks like text.  This is a
variant of the approach used by bash and zsh; mksh instead checks for
signatures of a bunch of common file types.

POSIX says: "If the executable file is not a text file, the shell may bypass
this command execution.".

Signed-off-by: Adam Borowski <kilob...@angband.pl>
---
 src/exec.c | 34 ++++++++++++++++++++++++++++++++++
 1 file changed, 34 insertions(+)

diff --git a/src/exec.c b/src/exec.c
index ec0eadd..72acd5e 100644
--- a/src/exec.c
+++ b/src/exec.c
@@ -148,6 +148,38 @@ shellexec(char **argv, const char *path, int idx)
 }
 
 
+/*
+ * Check if an executable that just failed with ENOEXEC shouldn't be
+ * considered a script (wrong-arch ELF/PE, junk accidentally set +x, etc).
+ * We check only the first line to allow binaries encapsulated in a shell
+ * script without proper quoting.  The first line, if not a hashbang, is
+ * likely to contain comments; even ancient encodings, at least popular
+ * ones, don't use 0x7f nor values below 0x1f other than whitespace (\t,
+ * \n, \v, \f, \r), ISO/IEC 2022 can have SI, SO and \e).
+ */
+STATIC int file_is_binary(const char *cmd)
+{
+	char buf[128];
+	int fd = open(cmd, O_RDONLY|O_NOCTTY);
+	if (fd == -1)
+		return 1;
+	int len = read(fd, buf, sizeof(buf));
+	for (int i = 0; i < len; ++i) {
+		char c = buf[i];
+		if (c >= 0 && c <= 8 ||
+		    c >= 16 && c <= 31 && c != 27 ||
+		    c == 0x7f) {
+			close(fd);
+			return 1;
+		}
+		if (c == '\n')
+			return 0;
+	}
+	close(fd);
+	return 0;
+}
+
+
 STATIC void
 tryexec(char *cmd, char **argv, char **envp)
 {
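Review bot: The early `return 0` on `c == '\n'` in file_is_binary() skips close(fd), so the descriptor leaks on the ordinary text-script path, and because open() is called without O_CLOEXEC it stays open across the execve() of the shell that follows. Close fd before that return, or break out of the loop so both exits share the final close(fd). Also in this function: a failed read() leaves len at -1, the loop is skipped and the file is classified as text; and `c >= 0` on a plain `char` is always true where char is unsigned, so `unsigned char c` with a bare `c <= 8` states the range test without relying on signedness.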
@@ -162,6 +194,8 @@ repeat:
 	execve(cmd, argv, envp);
 #endif
 	if (cmd != path_bshell && errno == ENOEXEC) {
+		if (file_is_binary(cmd))
+			return;
 		*argv-- = cmd;
 		*argv = cmd = path_bshell;
 		goto repeat;
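Review bot: The `return` after `file_is_binary(cmd)` hands back whatever errno the helper's open(), read() and close() calls left behind, which need not be the ENOEXEC tested on the line above; in particular file_is_binary() returns 1 when open() fails, so an unreadable file is treated as binary and errno then describes the open() failure. If the caller reports the error from errno, save it before the call and restore it (or set errno = ENOEXEC) before returning. The helper also reopens cmd by path after execve() has already failed, so it inspects whatever that path names at that moment; a short comment that this is a heuristic would help.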
-- 
2.11.0

diff -u dash-0.5.8/debian/changelog dash-0.5.8/debian/changelog
--- dash-0.5.8/debian/changelog
+++ dash-0.5.8/debian/changelog
@@ -1,3 +1,12 @@
+dash (0.5.8-2.4) unstable; urgency=medium
+
+  * Non-maintainer upload.
+  * Don't execute binary files as scripts. (Closes: #816313)
+  * printf '\e' (Closes: #816295)
+  * Fix bad permissions on dash.md5sums (Closes: #832173)
+
+ -- Adam Borowski <kilob...@angband.pl>  Tue, 24 Jan 2017 06:16:56 +0100
+
 dash (0.5.8-2.3) unstable; urgency=medium
 
   * Non-maintainer upload.
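Review bot: The new entry `* printf '\e' (Closes: #816295)` does not say what was changed; a changelog reader cannot tell whether \e support was added, removed or fixed. Word it like the patch subject, for example "Support \e in echo and printf builtins".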
diff -u dash-0.5.8/debian/implicit dash-0.5.8/debian/implicit
--- dash-0.5.8/debian/implicit
+++ dash-0.5.8/debian/implicit
@@ -92,6 +92,7 @@
        @cd debian/$* && find * -path 'DEBIAN' -prune -o \
          -type f -print0 | LC_ALL=C sort -z | \
            xargs -0r md5sum >>DEBIAN/md5sums
+       @chmod 0644 debian/*/DEBIAN/md5sums
 %.deb-DEBIAN: %.deb-checkdir %.deb-DEBIAN-base %.deb-DEBIAN-scripts \
          %.deb-DEBIAN-md5sums
        : debian/$*/DEBIAN/ ok
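Review bot: The added `@chmod 0644 debian/*/DEBIAN/md5sums` globs over every package directory, while the recipe lines directly above it work on `debian/$*` only. Using `debian/$*/DEBIAN/md5sums` keeps the change confined to the package this rule is building.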
only in patch2:
unchanged:
--- 
dash-0.5.8.orig/debian/diff/0007-Don-t-execute-binary-files-if-execve-returned-ENOEXE.diff
+++ 
dash-0.5.8/debian/diff/0007-Don-t-execute-binary-files-if-execve-returned-ENOEXE.diff
@@ -0,0 +1,77 @@
+From fe901f54d6504076ead29c9447f3abf7a903e9a8 Mon Sep 17 00:00:00 2001
+From: Adam Borowski <kilob...@angband.pl>
+Date: Tue, 24 Jan 2017 05:11:38 +0100
+Subject: [PATCH 1/2] Don't execute binary files if execve() returned ENOEXEC.
+
+Both "dash -c foo" and "./foo" are supposed to be able to run hashbang-less
+scripts, but attempts to execute common binary files tend to be nasty:
+especially both ELF and PE tend to make dash create a bunch of files with
+unprintable names, that in turn confuse some tools up to causing data loss.
+
+Thus, let's read the first line and see if it looks like text.  This is a
+variant of the approach used by bash and zsh; mksh instead checks for
+signatures of a bunch of common file types.
+
+POSIX says: "If the executable file is not a text file, the shell may bypass
+this command execution.".
+
+Signed-off-by: Adam Borowski <kilob...@angband.pl>
+---
+ src/exec.c | 34 ++++++++++++++++++++++++++++++++++
+ 1 file changed, 34 insertions(+)
+
+diff --git a/src/exec.c b/src/exec.c
+index ec0eadd..72acd5e 100644
+--- a/src/exec.c
++++ b/src/exec.c
+@@ -148,6 +148,38 @@ shellexec(char **argv, const char *path, int idx)
+ }
+ 
+ 
++/*
++ * Check if an executable that just failed with ENOEXEC shouldn't be
++ * considered a script (wrong-arch ELF/PE, junk accidentally set +x, etc).
++ * We check only the first line to allow binaries encapsulated in a shell
++ * script without proper quoting.  The first line, if not a hashbang, is
++ * likely to contain comments; even ancient encodings, at least popular
++ * ones, don't use 0x7f nor values below 0x1f other than whitespace (\t,
++ * \n, \v, \f, \r), ISO/IEC 2022 can have SI, SO and \e).
++ */
++STATIC int file_is_binary(const char *cmd)
++{
++      char buf[128];
++      int fd = open(cmd, O_RDONLY|O_NOCTTY);
++      if (fd == -1)
++              return 1;
++      int len = read(fd, buf, sizeof(buf));
++      for (int i = 0; i < len; ++i) {
++              char c = buf[i];
++              if (c >= 0 && c <= 8 ||
++                  c >= 16 && c <= 31 && c != 27 ||
++                  c == 0x7f) {
++                      close(fd);
++                      return 1;
++              }
++              if (c == '\n')
++                      return 0;
++      }
++      close(fd);
++      return 0;
++}
++
++
+ STATIC void
+ tryexec(char *cmd, char **argv, char **envp)
+ {
+@@ -162,6 +194,8 @@ repeat:
+       execve(cmd, argv, envp);
+ #endif
+       if (cmd != path_bshell && errno == ENOEXEC) {
++              if (file_is_binary(cmd))
++                      return;
+               *argv-- = cmd;
+               *argv = cmd = path_bshell;
+               goto repeat;
+-- 
+2.11.0
+
only in patch2:
unchanged:
--- dash-0.5.8.orig/debian/diff/0008-Support-e-in-echo-and-printf-builtins.diff
+++ dash-0.5.8/debian/diff/0008-Support-e-in-echo-and-printf-builtins.diff
@@ -0,0 +1,48 @@
+From 95e564ee5fddf0d36e510572daca927f9e139411 Mon Sep 17 00:00:00 2001
+From: Adam Borowski <kilob...@angband.pl>
+Date: Sat, 28 Jun 2014 06:29:56 +0200
+Subject: [PATCH 2/2] Support \e in "echo" and "printf" builtins.
+
+Signed-off-by: Adam Borowski <kilob...@angband.pl>
+---
+ src/bltin/printf.c | 1 +
+ src/dash.1         | 4 ++++
+ 2 files changed, 5 insertions(+)
+
+diff --git a/src/bltin/printf.c b/src/bltin/printf.c
+index a626cee..c34bf66 100644
+--- a/src/bltin/printf.c
++++ b/src/bltin/printf.c
+@@ -332,6 +332,7 @@ conv_escape(char *str, int *conv_ch)
+       case '\\':      value = '\\';   break;  /* backslash */
+       case 'a':       value = '\a';   break;  /* alert */
+       case 'b':       value = '\b';   break;  /* backspace */
++      case 'e':       value = '\e';   break;  /* escape */
+       case 'f':       value = '\f';   break;  /* form-feed */
+       case 'n':       value = '\n';   break;  /* newline */
+       case 'r':       value = '\r';   break;  /* carriage-return */
+diff --git a/src/dash.1 b/src/dash.1
+index 8b8026d..c6f83a5 100644
+--- a/src/dash.1
++++ b/src/dash.1
+@@ -1201,6 +1201,8 @@ Subsequent output is suppressed.  This is normally used 
at the end of the
+ last argument to suppress the trailing newline that
+ .Ic echo
+ would otherwise output.
++.It Li \ee
++Outputs an escape character (ESC).
+ .It Li \ef
+ Output a form feed.
+ .It Li \en
+@@ -1570,6 +1572,8 @@ The characters and their meanings are as follows:
+ Write a \*[Lt]bell\*[Gt] character.
+ .It Cm \eb
+ Write a \*[Lt]backspace\*[Gt] character.
++.It Cm \ee
++Write an \*[Lt]escape\*[Gt] (ESC) character.
+ .It Cm \ef
+ Write a \*[Lt]form-feed\*[Gt] character.
+ .It Cm \en
+-- 
+2.11.0
+
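Review bot: In the conv_escape() hunk, `'\e'` is a compiler extension (accepted by GCC and Clang), not a standard C escape sequence, so `case 'e': value = '\e';` may be rejected or warned about by a strict compiler; `'\033'` is the portable spelling. In the first dash.1 hunk the new text reads "Outputs an escape character (ESC)." while the neighbouring entry reads "Output a form feed."; use the same imperative form.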
