On Sun, Jan 11, 2015 at 9:36 AM, Ted Unangst <[email protected]> wrote:
> env won't run a command with an = in its name. This is documented as a
> bug, but it's easily fixed in a backwards compatible way.
...
> + if (strcmp(*argv, "--") == 0)
> + argv++;
No, "env foo=bar -- baz=qux" really should try to execute "--": the
enviroment variables aren't an option string being processed with
getopt().
What we *can* do is enforce a bit more this requirement on environment names:
In the shell command language, a word consisting solely of
underscores, digits, and alphabetics
from the portable character set. The first character of a name is
not a digit.
Slash is not legal in shell variable names, so if we treat an argument
containing a slash before the = as the command instead of a variable
assignment, users have an escape hatch a do something like:
env foo=bar ./my=cool=program
or
env foo=bar `which another=test`
etc.
Something like this on the code side?
PHilip
--- env.c 8 Mar 2014 00:09:20 -0000 1.15
+++ env.c 11 Jan 2015 19:20:36 -0000
@@ -63,6 +63,8 @@ main(int argc, char *argv[])
argv += optind;
for (; *argv && (p = strchr(*argv, '=')); ++argv) {
+ if (memchr(*argv, '/', p - *argv) != NULL)
+ break;
*p++ = '\0';
if (setenv(*argv, p, 1) == -1) {
/* reuse 126, it matches the problem most */
