James Carlson wrote: > Roland Mainz writes: > > > > Or libshell? Or libast? I seems that there is no compelling reason to > > > > accept ksh93 at all > > > > > > None of this justifies putting ksh into root. > > > > What about |libc::wordexp()| ? > > Yes, I'd like to see it fixed. I filed CR 4771992 four years ago to > outline both the performance and security problems posed by the > implementation. It's not good. In fact, in many cases, it's just not > usable at all. > > As it stands, the project proposed doesn't actually fix this problem.
No, and I didn't propose it as this putback and the code we already wrote targets at a backport for Solaris 10 - the inclusion of |libc::wordexp()| in this case would make a backport tricker because we would have to seperate the |libc::wordexp()| issue somehow. > > At least for correctness reasons it > > should work in any runlevel with and without /usr being mounted (note we > > have working code in the ksh93-integration prototype002 codebase which > > uses ksh93 for |libc::wordexp()| - in theory the code is there to fix > > this issue once and for all). > > "In theory" doesn't quite work here. If the scope of this project is > widened to encompass replacing wordexp with something less horrible, > and if the right answer for handling embedded shell expansion in > wordexp parsing is to exec ksh93, then you've got at least one > possibly good argument to put ksh93 (or at least some portion of it) > in the root file system. The problem is that this needs to be ARC'ed because ksh93 will enforce XPG4 behaviour which is currently only used for XPG4-compilant applications. In practice the difference is non-existant (since we are talking only about the word expansion in ksh vs. POSIX shell which is virtually identical in all imagineable production cases&&usage (yes, I know - it is always possible to craft something which exposes a difference. But the consumers of |libc::wordexp()| do not do that in real life)) but the old implementation made the difference where one version uses /usr/bin/ksh and the other uses /usr/xpg4/bin/sh (which is /usr/bin/ksh hacked with lots of |#ifdef|s until it worked more or less exactly as described in the POSIX specs). ---- Bye, Roland -- __ . . __ (o.\ \/ /.o) roland.mainz at nrubsig.org \__\/\/__/ MPEG specialist, C&&JAVA&&Sun&&Unix programmer /O /==\ O\ TEL +49 641 7950090 (;O/ \/ \O;)
