TODO: I am seriously considering following Chet and changing
the way this works, by explicitly dropping privs unless the
shell is run with -p. Every other shell does it like mksh,
except Heirloom sh, which on the other hand doesn’t know any
explicit set -p or set +p (though it doesn’t know set +foo
for any foo either).
┌──┤ QUESTION: Do we need the ability to do this:
│ tg@blau:~ $ ./suidmksh -p -c 'whoami; set +p; whoami'
│ root
│ tg
If not, I’m seriously considering to drop set ±p as well,
only parse -p on the command line, with +p being the default,
and dropping FPRIVILEGED.
Thanks to RT for noticing and jilles for initial follow-up
discussion, as well as Chet Ramey for doing the sane/secure
thing instead of following Debian.
• sig_t detection was a bit insane, it is a function-pointer type after all
• fix uninitialised variable in c_select which led to mistakenly accepting
invalid (nōn-numeric) input and acting, randomly, upon it
• keep SIGCHLD blocked in child after forking longer, for job list manip
• block SIGCHLD ifdef DEBUG_LEAKS to not run job foo during/after afreeall
• fix annoying ISO C90 vs. C99 (un)signed constant warning
command; setting one still unsets the other at first)
• Change subst_exstat to be conformant unless -o sh is set and -o posix isn’t
• In lksh, make subst_exstat (newly) conformant if -o posix
• New MKSH_BINSHPOSIX to accompany MKSH_BINSHREDUCED
• Sync lksh manpage precisely
• correct order of built-in commands; use POSIX special versus “all others”
plus “keeps assignments” as distinction, no longer play POSIX regular vs.
others game; sync manpage
• fix LP#1156707: map (( internally to “let]” which is no valid function
name and so can’t be overridden but is unlikely to be used otherwhere
and not strictly permitted (by POSIX) anyway
• we do not need -Wno-overflow any more, either
• bump to R45
AT&T SVR4 broke 'cc -c -o foo.o foo.c' totally
switch to an alternative method of finding out the prototypes
provided in IRC by dalias (thanks); RT says this fixes his
issues on SVR4 – let’s just ignore the ominous message from
cid 1004713D70A5362BACF about needing to be a compile-time
check unless something else pops up, I can’t think of something
that isn’t already covered
03:00⎜«RT|AO:#!/bin/mksh» cc -c -o a.out does not output a.out but conftest.o (!!)
evil… just use tcfn=conftest.o for now, cf. cid 1004713D70A5362BACF (but why must it be one?)
16:49⎜<mirabilos:#!/bin/mksh> that's like NeXTstep which insers spaces around =
16:49⎜<mirabilos:#!/bin/mksh> but we can sed that away I guess.
16:49⎜«RT|Chatzilla:#!/bin/mksh» yeah, modifying grep/sed lines adding " *" works
that get used, plus one for the realpath-1 regression test; also make
sys_siglist_decl detection nicer and poison strerror() with non-const
return value ifdef DEBUG, make it always const
tg