Re: [gentoo-portage-dev] [PATCH] ebuild.sh: Completely ban external commands in global scope

2017-09-08 Thread Ulrich Mueller
> On Fri, 8 Sep 2017, Robin H Johnson wrote:

> On Thu, Aug 31, 2017 at 10:45:42PM +0200, Michał Górny wrote:
>> +export PATH=/dev/null
> Minor nitpick: The Single UNIX spec says that PATH is a set of
> prefixes, and that they're treated as directories.
> http://pubs.opengroup.org/onlinepubs/7908799/xbd/envvar.html

> I think it might be good to use either a non-existing path, or a
> known empty directory (/var/empty), rather than /dev/null which DOES
> exist.

Is /var/empty standard? On my system here, it belongs to
net-misc/openssh.

Also any /dev/null/foo is guaranteed not to exist, so I don't see how
pathname resolution could possibly succeed when PATH is /dev/null.

Ulrich


pgpVY9QRev455.pgp
Description: PGP signature


Re: [gentoo-portage-dev] [PATCH] ebuild.sh: Completely ban external commands in global scope

2017-09-08 Thread Robin H. Johnson
On Thu, Aug 31, 2017 at 10:45:42PM +0200, Michał Górny wrote:
> + export PATH=/dev/null
Minor nitpick: The Single UNIX spec says that PATH is a set of prefixes,
and that they're treated as directories.
http://pubs.opengroup.org/onlinepubs/7908799/xbd/envvar.html

I think it might be good to use either a non-existing path, or a known
empty directory (/var/empty), rather than /dev/null which DOES exist.

-- 
Robin Hugh Johnson
Gentoo Linux: Dev, Infra Lead, Foundation Asst. Treasurer
E-Mail   : robb...@gentoo.org
GnuPG FP : 11ACBA4F 4778E3F6 E4EDF38E B27B944E 34884E85
GnuPG FP : 7D0B3CEB E9B85B1F 825BCECF EE05E6F6 A48F6136


signature.asc
Description: Digital signature


Re: [gentoo-portage-dev] [PATCH] ebuild.sh: Completely ban external commands in global scope

2017-09-08 Thread Alec Warner
Must be old age setting in :(

Thanks,

-A

On Fri, Sep 8, 2017 at 2:54 PM, Michał Górny  wrote:

> W dniu pią, 08.09.2017 o godzinie 14∶48 -0400, użytkownik Alec Warner
> napisał:
> > Why PATH=/dev/null vs export PATH=""
>
> +  # note: we can't use empty because it implies current directory
>
> >
> > On Thu, Sep 7, 2017 at 3:36 AM, Michał Górny  wrote:
> >
> > > Dnia 31 sierpnia 2017 22:45:42 CEST, "Michał Górny"  >
> > > napisał(a):
> > > > Set PATH to /dev/null when sourcing the ebuild for dependency
> > > > resolution
> > > > in order to prevent shell from finding external commands via PATH
> > > > lookup. While this does not prevent executing programs via full path,
> > > > it
> > > > should catch the majority of accidental uses.
> > > >
> > > > Closes: https://github.com/gentoo/portage/pull/199
> > > >
> > > > // Note: this can't be merged right now since we still have ebuilds
> > > > // calling external commands; see:
> > > > // https://bugs.gentoo.org/show_bug.cgi?id=629222
> > >
> > > Update: gentoo is green now
> > >
> > > > ---
> > > > bin/ebuild.sh | 6 +-
> > > > bin/isolated-functions.sh | 4 
> > > > 2 files changed, 9 insertions(+), 1 deletion(-)
> > > >
> > > > diff --git a/bin/ebuild.sh b/bin/ebuild.sh
> > > > index c23561651..94a44d534 100755
> > > > --- a/bin/ebuild.sh
> > > > +++ b/bin/ebuild.sh
> > > > @@ -80,8 +80,12 @@ else
> > > >   done
> > > >   unset funcs x
> > > >
> > > > +  # prevent the shell from finding external executables
> > > > +  # note: we can't use empty because it implies current
> directory
> > > > +  _PORTAGE_ORIG_PATH=${PATH}
> > > > +  export PATH=/dev/null
> > > >   command_not_found_handle() {
> > > > -  die "Command not found while sourcing ebuild: ${*}"
> > > > +  die "External commands disallowed while sourcing
> ebuild:
> > >
> > > ${*}"
> > > >   }
> > > > fi
> > > >
> > > > diff --git a/bin/isolated-functions.sh b/bin/isolated-functions.sh
> > > > index e320f7132..b28e44f18 100644
> > > > --- a/bin/isolated-functions.sh
> > > > +++ b/bin/isolated-functions.sh
> > > > @@ -121,6 +121,10 @@ __helpers_die() {
> > > > }
> > > >
> > > > die() {
> > > > +  # restore PATH since die calls basename & sed
> > > > +  # TODO: make it pure bash
> > > > +  [[ -n ${_PORTAGE_ORIG_PATH} ]] && PATH=${_PORTAGE_ORIG_PATH}
> > > > +
> > > >   set +x # tracing only produces useless noise here
> > > >   local IFS=$' \t\n'
> > > >
> > >
> > >
> > > --
> > > Best regards,
> > > Michał Górny (by phone)
> > >
> > >
>
> --
> Best regards,
> Michał Górny
>
>
>


Re: [gentoo-portage-dev] [PATCH] ebuild.sh: Completely ban external commands in global scope

2017-09-08 Thread Michał Górny
W dniu pią, 08.09.2017 o godzinie 14∶48 -0400, użytkownik Alec Warner
napisał:
> Why PATH=/dev/null vs export PATH=""

+  # note: we can't use empty because it implies current directory

> 
> On Thu, Sep 7, 2017 at 3:36 AM, Michał Górny  wrote:
> 
> > Dnia 31 sierpnia 2017 22:45:42 CEST, "Michał Górny" 
> > napisał(a):
> > > Set PATH to /dev/null when sourcing the ebuild for dependency
> > > resolution
> > > in order to prevent shell from finding external commands via PATH
> > > lookup. While this does not prevent executing programs via full path,
> > > it
> > > should catch the majority of accidental uses.
> > > 
> > > Closes: https://github.com/gentoo/portage/pull/199
> > > 
> > > // Note: this can't be merged right now since we still have ebuilds
> > > // calling external commands; see:
> > > // https://bugs.gentoo.org/show_bug.cgi?id=629222
> > 
> > Update: gentoo is green now
> > 
> > > ---
> > > bin/ebuild.sh | 6 +-
> > > bin/isolated-functions.sh | 4 
> > > 2 files changed, 9 insertions(+), 1 deletion(-)
> > > 
> > > diff --git a/bin/ebuild.sh b/bin/ebuild.sh
> > > index c23561651..94a44d534 100755
> > > --- a/bin/ebuild.sh
> > > +++ b/bin/ebuild.sh
> > > @@ -80,8 +80,12 @@ else
> > >   done
> > >   unset funcs x
> > > 
> > > +  # prevent the shell from finding external executables
> > > +  # note: we can't use empty because it implies current directory
> > > +  _PORTAGE_ORIG_PATH=${PATH}
> > > +  export PATH=/dev/null
> > >   command_not_found_handle() {
> > > -  die "Command not found while sourcing ebuild: ${*}"
> > > +  die "External commands disallowed while sourcing ebuild:
> > 
> > ${*}"
> > >   }
> > > fi
> > > 
> > > diff --git a/bin/isolated-functions.sh b/bin/isolated-functions.sh
> > > index e320f7132..b28e44f18 100644
> > > --- a/bin/isolated-functions.sh
> > > +++ b/bin/isolated-functions.sh
> > > @@ -121,6 +121,10 @@ __helpers_die() {
> > > }
> > > 
> > > die() {
> > > +  # restore PATH since die calls basename & sed
> > > +  # TODO: make it pure bash
> > > +  [[ -n ${_PORTAGE_ORIG_PATH} ]] && PATH=${_PORTAGE_ORIG_PATH}
> > > +
> > >   set +x # tracing only produces useless noise here
> > >   local IFS=$' \t\n'
> > > 
> > 
> > 
> > --
> > Best regards,
> > Michał Górny (by phone)
> > 
> > 

-- 
Best regards,
Michał Górny




Re: [gentoo-portage-dev] [PATCH] ebuild.sh: Completely ban external commands in global scope

2017-09-08 Thread Alec Warner
Why PATH=/dev/null vs export PATH=""

On Thu, Sep 7, 2017 at 3:36 AM, Michał Górny  wrote:

> Dnia 31 sierpnia 2017 22:45:42 CEST, "Michał Górny" 
> napisał(a):
> >Set PATH to /dev/null when sourcing the ebuild for dependency
> >resolution
> >in order to prevent shell from finding external commands via PATH
> >lookup. While this does not prevent executing programs via full path,
> >it
> >should catch the majority of accidental uses.
> >
> >Closes: https://github.com/gentoo/portage/pull/199
> >
> >// Note: this can't be merged right now since we still have ebuilds
> >// calling external commands; see:
> >// https://bugs.gentoo.org/show_bug.cgi?id=629222
>
> Update: gentoo is green now
>
> >---
> > bin/ebuild.sh | 6 +-
> > bin/isolated-functions.sh | 4 
> > 2 files changed, 9 insertions(+), 1 deletion(-)
> >
> >diff --git a/bin/ebuild.sh b/bin/ebuild.sh
> >index c23561651..94a44d534 100755
> >--- a/bin/ebuild.sh
> >+++ b/bin/ebuild.sh
> >@@ -80,8 +80,12 @@ else
> >   done
> >   unset funcs x
> >
> >+  # prevent the shell from finding external executables
> >+  # note: we can't use empty because it implies current directory
> >+  _PORTAGE_ORIG_PATH=${PATH}
> >+  export PATH=/dev/null
> >   command_not_found_handle() {
> >-  die "Command not found while sourcing ebuild: ${*}"
> >+  die "External commands disallowed while sourcing ebuild:
> ${*}"
> >   }
> > fi
> >
> >diff --git a/bin/isolated-functions.sh b/bin/isolated-functions.sh
> >index e320f7132..b28e44f18 100644
> >--- a/bin/isolated-functions.sh
> >+++ b/bin/isolated-functions.sh
> >@@ -121,6 +121,10 @@ __helpers_die() {
> > }
> >
> > die() {
> >+  # restore PATH since die calls basename & sed
> >+  # TODO: make it pure bash
> >+  [[ -n ${_PORTAGE_ORIG_PATH} ]] && PATH=${_PORTAGE_ORIG_PATH}
> >+
> >   set +x # tracing only produces useless noise here
> >   local IFS=$' \t\n'
> >
>
>
> --
> Best regards,
> Michał Górny (by phone)
>
>


Re: [gentoo-portage-dev] [PATCH] ebuild.sh: Completely ban external commands in global scope

2017-09-07 Thread Michał Górny
Dnia 31 sierpnia 2017 22:45:42 CEST, "Michał Górny"  
napisał(a):
>Set PATH to /dev/null when sourcing the ebuild for dependency
>resolution
>in order to prevent shell from finding external commands via PATH
>lookup. While this does not prevent executing programs via full path,
>it
>should catch the majority of accidental uses.
>
>Closes: https://github.com/gentoo/portage/pull/199
>
>// Note: this can't be merged right now since we still have ebuilds
>// calling external commands; see:
>// https://bugs.gentoo.org/show_bug.cgi?id=629222

Update: gentoo is green now 

>---
> bin/ebuild.sh | 6 +-
> bin/isolated-functions.sh | 4 
> 2 files changed, 9 insertions(+), 1 deletion(-)
>
>diff --git a/bin/ebuild.sh b/bin/ebuild.sh
>index c23561651..94a44d534 100755
>--- a/bin/ebuild.sh
>+++ b/bin/ebuild.sh
>@@ -80,8 +80,12 @@ else
>   done
>   unset funcs x
> 
>+  # prevent the shell from finding external executables
>+  # note: we can't use empty because it implies current directory
>+  _PORTAGE_ORIG_PATH=${PATH}
>+  export PATH=/dev/null
>   command_not_found_handle() {
>-  die "Command not found while sourcing ebuild: ${*}"
>+  die "External commands disallowed while sourcing ebuild: ${*}"
>   }
> fi
> 
>diff --git a/bin/isolated-functions.sh b/bin/isolated-functions.sh
>index e320f7132..b28e44f18 100644
>--- a/bin/isolated-functions.sh
>+++ b/bin/isolated-functions.sh
>@@ -121,6 +121,10 @@ __helpers_die() {
> }
> 
> die() {
>+  # restore PATH since die calls basename & sed
>+  # TODO: make it pure bash
>+  [[ -n ${_PORTAGE_ORIG_PATH} ]] && PATH=${_PORTAGE_ORIG_PATH}
>+
>   set +x # tracing only produces useless noise here
>   local IFS=$' \t\n'
> 


-- 
Best regards,
Michał Górny (by phone)