1
0
mirror of https://git.FreeBSD.org/src.git synced 2025-01-19 15:33:56 +00:00
Commit Graph

22 Commits

Author SHA1 Message Date
Jilles Tjoelker
d358fa780b wordexp: Rewrite to make WRDE_NOCMD reliable.
Shell syntax is too complicated to detect command substitution and unquoted
operators reliably without implementing much of sh's parser. Therefore, have
sh do this detection.

While changing sh's support anyway, also read input from a pipe instead of
arguments to avoid {ARG_MAX} limits and improve privacy, and output count
and length using 16 instead of 8 digits.

The basic concept is:
execl("/bin/sh", "sh", "-c", "freebsd_wordexp ${1:+\"$1\"} -f "$2",
    "", flags & WRDE_NOCMD ? "-p" : "", <pipe with words>);

The WRDE_BADCHAR error is still implemented in libc. POSIX requires us to
fail strings containing unquoted braces with code WRDE_BADCHAR. Since this
is normally not a syntax error in sh, there is still a need for checking
code in libc, we_check().

The new we_check() is an optimistic check that all the characters
  <newline> | & ; < > ( ) { }
are quoted. To avoid duplicating too much sh logic, such characters are
permitted when quoting characters are seen, even if the quoting characters
may themselves be quoted. This code reports all WRDE_BADCHAR errors; bad
characters that get past it and are a syntax error in sh return WRDE_SYNTAX.

Although many implementations of WRDE_NOCMD erroneously allow some command
substitutions (and ours even documented this), there appears to be code that
relies on its security (codesearch.debian.net shows quite a few uses).
Passing untrusted data to wordexp() still exposes a denial of service
possibility and a fairly large attack surface.

Reviewed by:	wblock (man page only)
MFC after:	2 weeks
Relnotes:	yes
Security:	fixes command execution with wordexp(untrusted, WRDE_NOCMD)
2015-09-30 21:32:29 +00:00
Jilles Tjoelker
8d5a14301f sh: Remove the "exp" builtin.
The "exp" builtin is undocumented, non-standard and not very useful.

If exp's return value is not used, something like
VAR=$(exp EXPRESSION)
is equivalent to
VAR=$((EXPRESSION))
except that errors in the expression are fatal and quoting special
characters is not needed in the latter case.

If exp's return value is used, something like
if exp EXPRESSION >/dev/null
can be replaced by
if [ $((EXPRESSION)) -ne 0 ]
with similar differences.

The exp-run showed that "let" is close enough to bash's and ksh's builtin
that removing it would break a few ports. Therefore, "let" remains in 9.x.

PR:		bin/104432
Exp-run done by: pav (with some other sh(1) changes)
2011-05-27 20:53:07 +00:00
Jilles Tjoelker
0a62a9caa9 sh: Add kill builtin.
This allows specifying a %job (which is equivalent to the corresponding
process group).

Additionally, it improves reliability of kill from sh in high-load
situations and ensures "kill" finds the correct utility regardless of PATH,
as required by POSIX (unless the undocumented %builtin mechanism is used).

Side effect: fatal errors (any error other than kill(2) failure) now return
exit status 2 instead of 1. (This is consistent with other sh builtins, but
not in NetBSD.)

Code size increases about 1K on i386.

Obtained from:	NetBSD
2010-12-21 22:47:34 +00:00
Jilles Tjoelker
9897c45f31 sh: Add printf builtin.
This was removed in 2001 but I think it is appropriate to add it back:
* I do not want to encourage people to write fragile and non-portable echo
  commands by making printf much slower than echo.
* Recent versions of Autoconf use it a lot.
* Almost no software still wants to support systems that do not have
  printf(1) at all.
* In many other shells printf is already a builtin.

Side effect: printf is now always the builtin version (which behaves
identically to /usr/bin/printf) and cannot be overridden via PATH (except
via the undocumented %builtin mechanism).

Code size increases about 5K on i386. Embedded folks might want to replace
/usr/bin/printf with a hard link to /usr/bin/alias.
2010-11-19 12:56:13 +00:00
Stefan Farfeleder
905330ab78 Use -s to flag POSIX's "special built-in" utilities in builtins.def. Add a
new member to struct builtincmd and set it to 1 if -s was specified.  This
is done because there are cases where special builtins must be treated
differently from other builtins.

Obtained from:	NetBSD (builtins.def part)
2006-04-02 18:43:33 +00:00
Stefan Farfeleder
7162e01ce9 Sort. 2005-12-04 20:01:48 +00:00
Stefan Farfeleder
435323ed25 Remove a few commented out builtins from the original ash. The files
implementing them were never part of FreeBSD.
2005-12-04 19:37:07 +00:00
Stefan Farfeleder
1974986a82 Add the times builtin. It reports the user and system time for the shell
itself and its children.  Instead of calling times() (as implied by POSIX) this
implementation directly calls getrusage() to get the times because this is more
convenient.
2005-12-04 18:44:21 +00:00
Warner Losh
9ddb49cbe4 /*- or .\"- or #- to begin license clauses. 2005-01-10 08:39:26 +00:00
Mark Murray
6195fb4102 Remove clause 3 from the UCB licenses.
OK'ed by:	imp, core
2004-04-06 20:06:54 +00:00
Tim J. Robbins
2c25061f18 Add the "wordexp" shell built-in command which will be used to implement
the POSIX wordexp() function.
2002-12-26 14:28:54 +00:00
Tim J. Robbins
088acf9001 Add a `bind' builtin command, which is simply a wrapper around libedit's
builtin command of the same name. This allows the key bindings for the
shell's line editor to be changed.

MFC after:	2 weeks
2002-07-23 11:50:53 +00:00
Tim J. Robbins
2babaf74b5 Implement the P1003.2 `command' builtin command, which is used to suppress
shell function and alias lookup. The -p option has been implemented, the
UPE -v and -V options have not. The old `command' command has been renamed
to `builtin'.
2002-07-21 06:49:14 +00:00
Akinori MUSHA
018d9f6237 Remove the printf builtin command from sh(1), which command is not
used so often that it's worth keeping it as a builtin.

Now that all the printf invocations from within the system startup
scripts, we can safely remove it.

Urged by:	sheldonh  :)

No MFC is planned so far because it may break compatibility and
violate POLA.
2001-11-20 18:33:59 +00:00
Akinori MUSHA
d90c5c4ab4 Make test(1) a builtin command of our sh(1) for efficiency. The
binary size increase is 3,784 bytes (about 0.6%).

I don't drop the printf builtin while I'm here because some /etc/rc.*
scripts seem to use it before mounting /usr where printf(1) resides.

Reviewed by:	arch (sheldonh)
Inspired by:	NetBSD, ksh
Clued by:	ume (on how the printf builtin is used)
2001-11-17 19:10:11 +00:00
Peter Wemm
2a4562393f $Id$ -> $FreeBSD$ 1999-08-27 23:15:48 +00:00
Steve Price
5382d20cf1 Turn on the new type builtin. 1997-04-28 03:50:07 +00:00
Peter Wemm
b97fa2ef50 Revert $FreeBSD$ to $Id$ 1997-02-22 14:13:04 +00:00
Jordan K. Hubbard
1130b656e5 Make the long-awaited change from $Id$ to $FreeBSD$
This will make a number of things easier in the future, as well as (finally!)
avoiding the Id-smashing problem which has plagued developers for so long.

Boy, I'm glad we're not using sup anymore.  This update would have been
insane otherwise.
1997-01-14 07:20:47 +00:00
Peter Wemm
7081f1bc92 re-activate the printf builtin now that src/usr.bin/printf.c has been
tweaked to work as a builtin better (ie: calls the real printf formatting
code, not sh's cut-down out1fmt() function)
1996-10-01 04:59:13 +00:00
Peter Wemm
aa9caaf657 Merge of 4.4-Lite2 sh source, plus some gcc -Wall cleaning. This is a
merge of parallel duplicate work by Steve Price and myself. :-]

There are some changes to the build that are my fault...  mkinit.c was
trying (poorly) to duplicate some of the work that make(1) is designed to
do.  The Makefile hackery is my fault too, the depend list was incomplete
because of some explicit OBJS+= entries, so mkdep wasn't picking up their
source file #includes.

This closes a pile of /bin/sh PR's, but not all of them..

Submitted by: Steve Price <steve@bonsai.hiwaay.net>, peter
1996-09-01 10:22:36 +00:00
Peter Wemm
069428af6d Import the 4.4BSD-Lite2 /bin/sh sources
Requested by: joerg

(Note, this is mostly going to be conflicts, which is expected.  Our entire
 sh source has a mainline, so this should not change anything except for
 a few new files appearing.  I dont think they are a problem)
1996-05-27 01:41:12 +00:00