1
0
mirror of https://git.FreeBSD.org/src.git synced 2025-01-10 14:02:43 +00:00
freebsd/bin/ed/POSIX
Conrad Meyer d83db3fb6a Drop ed(1) "crypto"
You should not be using DES.  You should not have been using DES for the
past 30 years.

The ed DES-CBC scheme lacked several desirable properties of a sealed
document system, even ignoring DES itself.  In particular, it did not
provide the "integrity" cryptographic property (detection of tampering), and
it treated ASCII passwords as 64-bit keys (instead of using a KDF like
scrypt or PBKDF2).

Some general approaches ed(1) users might consider to replace the removed
DES mode:

1. Full disk encryption with something like AES-XTS.  This is easy to
conceptualize, design, and implement, and it provides confidentiality for
data at rest.  Like CBC, it lacks tampering protection.  Examples include
GELI, LUKS, FileVault2.

2. Encrypted overlay ("stackable") filesystems (EncFS, PEFS?, CryptoFS,
others).

3. Native encryption at the filesystem layer.  Ext4/F2FS, ZFS, APFS, and
NTFS all have some flavor of this.

4. Storing your files unencrypted.  It's not like DES was doing you much
good.

If you have DES-CBC scrambled files produced by ed(1) prior to this change,
you may decrypt them with:

  openssl des-cbc -d -iv 0 -K <key in hex> -in <inputfile> -out <plaintext>

Reviewed by:	allanjude, bapt, emaste
Sponsored by:	Dell EMC Isilon
Differential Revision:	https://reviews.freebsd.org/D17829
2018-11-04 17:56:16 +00:00

93 lines
3.7 KiB
Plaintext

$FreeBSD$
This version of ed(1) is not strictly POSIX compliant, as described in
the POSIX 1003.2 document. The following is a summary of the omissions,
extensions and possible deviations from POSIX 1003.2.
OMISSIONS
---------
1) For backwards compatibility, the POSIX rule that says a range of
addresses cannot be used where only a single address is expected has
been relaxed.
2) To support the BSD `s' command (see extension [1] below),
substitution patterns cannot be delimited by numbers or the characters
`r', `g' and `p'. In contrast, POSIX specifies any character expect
space or newline can used as a delimiter.
EXTENSIONS
----------
1) BSD commands have been implemented wherever they do not conflict with
the POSIX standard. The BSD-ism's included are:
i) `s' (i.e., s[n][rgp]*) to repeat a previous substitution,
ii) `W' for appending text to an existing file,
iii) `wq' for exiting after a write,
iv) `z' for scrolling through the buffer, and
v) BSD line addressing syntax (i.e., `^' and `%') is recognized.
2) The POSIX interactive global commands `G' and `V' are extended to
support multiple commands, including `a', `i' and `c'. The command
format is the same as for the global commands `g' and `v', i.e., one
command per line with each line, except for the last, ending in a
backslash (\).
3) An extension to the POSIX file commands `E', `e', `r', `W' and `w' is
that <file> arguments are processed for backslash escapes, i.e., any
character preceded by a backslash is interpreted literally. If the
first unescaped character of a <file> argument is a bang (!), then the
rest of the line is interpreted as a shell command, and no escape
processing is performed by ed.
4) For SunOS ed(1) compatibility, ed runs in restricted mode if invoked
as red. This limits editing of files in the local directory only and
prohibits shell commands.
DEVIATIONS
----------
1) Though ed is not a stream editor, it can be used to edit binary files.
To assist in binary editing, when a file containing at least one ASCII
NUL character is written, a newline is not appended if it did not
already contain one upon reading. In particular, reading /dev/null
prior to writing prevents appending a newline to a binary file.
For example, to create a file with ed containing a single NUL character:
$ ed file
a
^@
.
r /dev/null
wq
Similarly, to remove a newline from the end of binary `file':
$ ed file
r /dev/null
wq
2) Since the behavior of `u' (undo) within a `g' (global) command list is
not specified by POSIX, it follows the behavior of the SunOS ed:
undo forces a global command list to be executed only once, rather than
for each line matching a global pattern. In addition, each instance of
`u' within a global command undoes all previous commands (including
undo's) in the command list. This seems the best way, since the
alternatives are either too complicated to implement or too confusing
to use.
The global/undo combination is useful for masking errors that
would otherwise cause a script to fail. For instance, an ed script
to remove any occurrences of either `censor1' or `censor2' might be
written as:
ed - file <<EOF
1g/.*/u\
,s/censor1//g\
,s/censor2//g
...
3) The `m' (move) command within a `g' command list also follows the SunOS
ed implementation: any moved lines are removed from the global command's
`active' list.
4) If ed is invoked with a name argument prefixed by a bang (!), then the
remainder of the argument is interpreted as a shell command. To invoke
ed on a file whose name starts with bang, prefix the name with a
backslash.