TODO: I am seriously considering following Chet and changing
the way this works, by explicitly dropping privs unless the
shell is run with -p. Every other shell does it like mksh,
except Heirloom sh, which on the other hand doesn’t know any
explicit set -p or set +p (though it doesn’t know set +foo
for any foo either).
┌──┤ QUESTION: Do we need the ability to do this:
│ tg@blau:~ $ ./suidmksh -p -c 'whoami; set +p; whoami'
│ root
│ tg
If not, I’m seriously considering to drop set ±p as well,
only parse -p on the command line, with +p being the default,
and dropping FPRIVILEGED.
Thanks to RT for noticing and jilles for initial follow-up
discussion, as well as Chet Ramey for doing the sane/secure
thing instead of following Debian.
Steffen Daode Nurpmeso stumbled upon it and gave very detailed
instructions on how to reproduce it (thanks!); fix that
also only call x_bs0 if xcp < xep because *xep is undefined
prompt display routines; make Emacs and Vi share
code, permitting reducing of duplication and code
removal as well as more consistent behaviour; put
some common code into shared helper functions, too
• New x_adjust() logic (Emacs mode): when determining
what portion of a line to render use a much more
sophisticated algorithm and try to fill up ⅔ of the
total screen width (with line and prompt both) also
as wished from Steffen Daode Nurpmeso
Whenever the SIGEXIT trap was set (to anything, really)
syntax errors and interruptions were not ignored any more
in an interactive shell (where they should be, unless
set -e is used); fix that.
tbd: traps should probably only be marked as pending
and run for LLEAVE/E_NONE
merged:
• new regression tests
• check.pl (tests/th) better tmpfile handling
• exec.c 1.50: POSIX specifies that for an AND/OR list,
only the last command's exit status matters for "set -e"
• ksh.1 1.147: document the above
• eval.c 1.39: “Make $(< /nonexistent) have the same behaviour
as $(cat /nonexistent) wrt. errors (do not unwind and do not
treat this as fatal if set -e is used).”
‣ additionally make shf_open() return errno and actually show
the error message from the system
• regression-39 test: remove the “maybe” marker
‣ but decide on correct POSIX behaviour
already been fixed in mksh:
• check.pl (tests/th) exit 1 if tests fail
not merged:
• main.c 1.52: run traps in unwind() before exiting;
I’m pretty sure this is already working as-should in mksh
• eval.c 1.38: “Commands executed via `foo` or $( bar ) should
not inherit "set -e" status.” As discussed in IRC, this is
just plainly WRONG.
• sig_t detection was a bit insane, it is a function-pointer type after all
• fix uninitialised variable in c_select which led to mistakenly accepting
invalid (nōn-numeric) input and acting, randomly, upon it
• keep SIGCHLD blocked in child after forking longer, for job list manip
• block SIGCHLD ifdef DEBUG_LEAKS to not run job foo during/after afreeall
• fix annoying ISO C90 vs. C99 (un)signed constant warning
(as, on some systems and for some pedants, it may be *better* suited
due to its broken use of the host C “long” data type for arithmetics)
but warn that this can only work with -DMKSH_BINSHPOSIX really
command; setting one still unsets the other at first)
• Change subst_exstat to be conformant unless -o sh is set and -o posix isn’t
• In lksh, make subst_exstat (newly) conformant if -o posix
• New MKSH_BINSHPOSIX to accompany MKSH_BINSHREDUCED
• Sync lksh manpage precisely
tg