Bug#292501: dash doesn't parse $ENV when invoked with -c

2005-01-30 Thread Gerrit Pape
tags 292501 + patch
forwarded 292501 upstream
quit.

On Thu, Jan 27, 2005 at 01:17:00PM +0100, Jörg Sommer wrote:
 man dash says:
  If the environment variable ENV is set on entry to a shell, or is set in
  the .profile of a login shell, the shell next reads commands from the
  file named in ENV.  Therefore, a user should place commands that are to
 ...
  substituting for ``.shinit'' any filename you wish.  Since the ENV file
  is read for every invocation of the shell, including shell scripts and
^
  non-interactive shells, the following paradigm is useful for restricting
 
 But dash behaves:
 
 $ echo $ENV
 /home/joerg/.shrc
 $ head -4 $ENV
 # ~/.shrc: executed by sh(1) for non-login shells.
 # throught $ENV set in ~/.profile
 
 echo $0 shrc
 (joerg):~$ dash -c true
 (joerg):~$ posh -c true
 posh shrc

Yes, the documentation doesn't match the code here, thanks for pointing
at this.  The change has been made in dash with version 0.3.8-25 in
2001, for a good reason I think.  The Open Group IEEE Std 1003.1 spec
also agrees[0].

I suggest the first patch attached to fix the documentation.  FreeBSD
made the same code change in 1997, and added a paragraph to the man
page[1].  The second patch attached changes dash.1 similarly, I would
prefer the first one though.

Regards, Gerrit.

[0] http://www.opengroup.org/onlinepubs/009695399/utilities/sh.html
[1] http://www.freebsd.org/cgi/cvsweb.cgi/src/bin/sh/sh.1.diff?r1=1.13r2=1.14
-- 
Open projects at http://smarden.org/pape/.
Index: src/dash.1
===
RCS file: /cvs/dash/src/dash.1,v
retrieving revision 1.1
diff -u -r1.1 dash.1
--- src/dash.1  3 Jul 2004 12:52:54 -   1.1
+++ src/dash.1  30 Jan 2005 11:01:08 -
@@ -143,7 +143,7 @@
 if they exist.
 If the environment variable
 .Ev ENV
-is set on entry to a shell, or is set in the
+is set on entry to an interactive shell, or is set in the
 .Pa .profile
 of a login shell, the shell next reads
 commands from the file named in
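Review bot: The qualifier added on the + line covers only the first clause; "or is set in the .profile of a login shell" stays unqualified, so the sentence still reads as if a non-interactive login shell reads the ENV file. If only interactive shells read it, say so for both cases, for example by attaching "interactive" to the subject of "the shell next reads commands from the file named in ENV".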
@@ -151,7 +151,7 @@
 Therefore, a user should place commands that are to be executed only at
 login time in the
 .Pa .profile
-file, and commands that are executed for every shell inside the
+file, and commands that are executed for every interactive shell inside the
 .Ev ENV
 file.
 To set the
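Review bot: Style point on the + line: "commands that are executed for every interactive shell inside the ENV file" is not parallel with the first half of the sentence ("commands that are to be executed only at login time"), and "inside the ENV file" now attaches to "shell" rather than to "place". Consider "commands that are to be executed for every interactive shell in the ENV file", or name the file before the condition.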
@@ -165,31 +165,6 @@
 substituting for
 .Dq .shinit
 any filename you wish.
-Since the
-.Ev ENV
-file is read for every invocation of the shell, including shell scripts
-and non-interactive shells, the following paradigm is useful for
-restricting commands in the
-.Ev ENV
-file to interactive invocations.
-Place commands within the
-.Dq case
-and
-.Dq esac
-below (these commands are described later):
-.Pp
-.Bl -item -compact -offset indent
-.It
-.Li case $- in *i*)
-.Bl -item -compact -offset indent
-.It
-.Li # commands for interactive use only
-.It
-.Li ...
-.El
-.It
-.Li esac
-.El
 .Pp
 If command line arguments besides the options have been specified, then
 the shell treats the first argument as the name of a file from which to
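Review bot: Deleting the whole "Since the ENV file is read for every invocation of the shell" paragraph leaves the page with no statement about non-interactive shells at all, so a reader whose ENV file used to run for scripts and -c gets no hint that it no longer does. Suggest replacing the removed text with one sentence saying that non-interactive shells, including shell scripts and -c invocations, do not read the ENV file. The "case $- in *i*)" guard could be kept as a short note for ENV files shared with shells that still read them non-interactively, as posh does in the report.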
Index: src/dash.1
===
RCS file: /cvs/dash/src/dash.1,v
retrieving revision 1.1
diff -u -r1.1 dash.1
--- src/dash.1  3 Jul 2004 12:52:54 -   1.1
+++ src/dash.1  30 Jan 2005 11:06:02 -
@@ -165,38 +165,22 @@
 substituting for
 .Dq .shinit
 any filename you wish.
-Since the
-.Ev ENV
-file is read for every invocation of the shell, including shell scripts
-and non-interactive shells, the following paradigm is useful for
-restricting commands in the
-.Ev ENV
-file to interactive invocations.
-Place commands within the
-.Dq case
-and
-.Dq esac
-below (these commands are described later):
-.Pp
-.Bl -item -compact -offset indent
-.It
-.Li case $- in *i*)
-.Bl -item -compact -offset indent
-.It
-.Li # commands for interactive use only
-.It
-.Li ...
-.El
-.It
-.Li esac
-.El
-.Pp
 If command line arguments besides the options have been specified, then
 the shell treats the first argument as the name of a file from which to
 read commands (a shell script), and the remaining arguments are set as the
 positional parameters of the shell ($1, $2, etc).
 Otherwise, the shell
 reads commands from its standard input.
+.Pp
+Unlike older versions of
+.Nm
+the
+.Ev ENV
+script is only sourced on invocation of interactive shells.
+This closes a well-known, and sometimes easily exploitable security hole
+related to poorly thought out
+.Ev ENV
+scripts.
 .Ss Argument List Processing
 All of the single letter options have a corresponding name that can be
 used as an argument to the
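Review bot: This version has no hunks at lines 143 and 151, so "is set on entry to a shell" and "commands that are executed for every shell" stay in the page and contradict the new paragraph; carry those two wording changes over from the first patch. The added paragraph also sits after the text on command line arguments rather than next to the ENV description, ".Nm" needs a trailing comma (".Nm ,") so the sentence reads "Unlike older versions of dash, the ENV script", and "a well-known, and sometimes easily exploitable security hole" names no mechanism; state plainly that shell scripts and -c invocations no longer read the ENV file.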


Bug#292501: dash doesn't parse $ENV when invoked with -c

2005-01-27 Thread Jörg Sommer
Package: dash
Version: 0.5.1-3
Severity: normal

Hi,

man dash says:
 If the environment variable ENV is set on entry to a shell, or is set in
 the .profile of a login shell, the shell next reads commands from the
 file named in ENV.  Therefore, a user should place commands that are to
...
 substituting for ``.shinit'' any filename you wish.  Since the ENV file
 is read for every invocation of the shell, including shell scripts and
 ^
 non-interactive shells, the following paradigm is useful for restricting

But dash behaves:

$ echo $ENV
/home/joerg/.shrc
$ head -4 $ENV
# ~/.shrc: executed by sh(1) for non-login shells.
# throught $ENV set in ~/.profile

echo $0 shrc
(joerg):~$ dash -c true
(joerg):~$ posh -c true
posh shrc

Bye, Jörg.

-- System Information:
Debian Release: 3.1
  APT prefers unstable
  APT policy: (990, 'unstable')
Architecture: powerpc (ppc)
Kernel: Linux 2.6.9
Locale: LANG=de_DE, LC_CTYPE=de_DE (charmap=ISO-8859-1)

Versions of packages dash depends on:
ii  libc6   2.3.2.ds1-20 GNU C Library: Shared libraries an

-- debconf information excluded
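
The check from the report (`dash -c true` with an `ENV` file that leaves a trace), as an added example that is not part of the thread or of dash: it reports, per shell, whether a non-interactive `-c` invocation reads the file named in `ENV`. The function names and the marker-file approach are assumptions of this example.

```shell
#!/bin/sh
# Added example: does SHELL read the file named in $ENV when run with -c?

# env_read_by_c SHELL
#   returns 0 if "SHELL -c true" sourced $ENV, 1 if it did not, 2 on setup error
env_read_by_c() {
    probe_shell=$1
    probe_dir=$(mktemp -d) || return 2
    # Constructed ENV file: creates a marker file when it is sourced.
    printf ': > "%s/sourced"\n' "$probe_dir" > "$probe_dir/envfile"
    # -c plus stdin from /dev/null keeps the invocation non-interactive.
    ENV="$probe_dir/envfile" "$probe_shell" -c true </dev/null >/dev/null 2>&1
    if [ -e "$probe_dir/sourced" ]; then probe_rc=0; else probe_rc=1; fi
    rm -rf "$probe_dir"
    return "$probe_rc"
}

# audit_shells SHELL...
#   prints one line per shell and leaves the number of shells that read
#   $ENV non-interactively in the variable audit_hits
audit_shells() {
    audit_hits=0
    for audit_sh in "$@"; do
        if ! command -v "$audit_sh" >/dev/null 2>&1; then
            echo "$audit_sh: not installed"
            continue
        fi
        if env_read_by_c "$audit_sh"; then
            echo "$audit_sh: reads \$ENV for -c (non-interactive)"
            audit_hits=$((audit_hits + 1))
        else
            echo "$audit_sh: ignores \$ENV for -c"
        fi
    done
    return 0
}

# The two shells compared in the report, plus whatever /bin/sh is here.
audit_shells dash posh sh
```

A shell reported as reading `$ENV` for `-c` will run that file for every script started from an environment where `ENV` is set, which is the case the `case $- in *i*)` guard in the old man page text was meant to cover.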

