TODO: I am seriously considering following Chet and changing
the way this works, by explicitly dropping privs unless the
shell is run with -p. Every other shell does it like mksh,
except Heirloom sh, which on the other hand doesn’t know any
explicit set -p or set +p (though it doesn’t know set +foo
for any foo either).
┌──┤ QUESTION: Do we need the ability to do this:
│ tg@blau:~ $ ./suidmksh -p -c 'whoami; set +p; whoami'
│ root
│ tg
If not, I’m seriously considering to drop set ±p as well,
only parse -p on the command line, with +p being the default,
and dropping FPRIVILEGED.
Thanks to RT for noticing and jilles for initial follow-up
discussion, as well as Chet Ramey for doing the sane/secure
thing instead of following Debian.
merged:
• new regression tests
• check.pl (tests/th) better tmpfile handling
• exec.c 1.50: POSIX specifies that for an AND/OR list,
only the last command's exit status matters for "set -e"
• ksh.1 1.147: document the above
• eval.c 1.39: “Make $(< /nonexistent) have the same behaviour
as $(cat /nonexistent) wrt. errors (do not unwind and do not
treat this as fatal if set -e is used).”
‣ additionally make shf_open() return errno and actually show
the error message from the system
• regression-39 test: remove the “maybe” marker
‣ but decide on correct POSIX behaviour
already been fixed in mksh:
• check.pl (tests/th) exit 1 if tests fail
not merged:
• main.c 1.52: run traps in unwind() before exiting;
I’m pretty sure this is already working as-should in mksh
• eval.c 1.38: “Commands executed via `foo` or $( bar ) should
not inherit "set -e" status.” As discussed in IRC, this is
just plainly WRONG.
• make parsing numbers with leading digit-zero as octal independent of
mksh/lksh and dependent on set -o posix; adjust manpages to match
• warn about these changes and why mksh uses 32-bit consistent arithmetics
and point people to lksh for host-long undefined-behaviour arithmetics
• point out, explicitly, that it is *legal* for the operating environment
to make 'print $((2147483647 + 1))' (on a 32-bit system; adjust for a
64-bit system) to run 'rm -rf ~ /' instead
• correct order of built-in commands; use POSIX special versus “all others”
plus “keeps assignments” as distinction, no longer play POSIX regular vs.
others game; sync manpage
• fix LP#1156707: map (( internally to “let]” which is no valid function
name and so can’t be overridden but is unlikely to be used otherwhere
and not strictly permitted (by POSIX) anyway
• we do not need -Wno-overflow any more, either
• bump to R45
do the correct operations for comparisons (just keep using the
signed/unsigned switch from bivui for them), division (by working
on absolutes and adding the sign at the end), modulo (stupidly by
divising in signed, multiplying and subtracting, to get the sign
of the result right)
also adds rotation
XXX to check: do we need to AND before assigning the result in division?
• tty_fd is now never closed
• new tty_hasstate tracks tty_state (cf. thread around
http://article.gmane.org/gmane.os.miros.mksh/79 and PLD bug)
• as users requested, importing COLUMNS or LINES from the environment
now removes its special-ness as does unsetting it
• otherwise, setting COLUMNS or LINES is honoured until the next SIGWINCH
arrives or change_winsz is otherwise run (e.g. before displaying the
prompt in the interactive command line editing modes)
• SIGWINCH is now honoured before each reading of $COLUMNS and $LINES too
• change the Uhr to match – it no longer calls stty(1) ☺
to get rid of the bias introduced by making the hash never zero
… he also pointed out a memory (heap) usage optimisation… which
may impact code size a bit though as I’d need to pass an additional
argument on hashtable function calls… or, forgo the benefit of not
having to pointer-align the key in the structure, which can be as
much as 3/7 octets per item, heap storage… OTOH the saved space is
4/8 octets per not-allocated item, possibly some code (use of an
multiply-add opcode), but the function call overhead/cost would
possibly be quite a bit… I guess I’ll have to measure…
handle any more, octal 010 style constants, as promised
• overhaul the manpage re. arithmetic expressions, make the guarantees
mksh code has explicitly, precisely, clear
• to reduce burden of the compiler, getint() now operates on mksh_uari_t
internally; it already applied the sign after operation, anyway (C99
guarantees wraparound on unsigned types, but for signed types we need
specific compiler support; apparently, this comes from hardware limits)
• use const and shuffle order of locals around while here
in the cases where they are defined unambiguously; bug reported by
Jilles Tjoelker in <20111129232526.GC14357@stack.nl> due to a report
by Stefano Lattarini on bug-autoconf
in the ambiguous case, I stick to traditional pdksh behaviour, which means
test ! a = b vs. test a = b
and
test ! a -o b vs. test a -o b
behave different from each other (in the second case, the NOT operator
binds strong; POSIX demands a reduction to 3 arguments and negating
that result in the first case), so we're at two known not-ok in the
FreeBSD® testsuite. (81 and 82 in regress.sh,v 1.3)
move /etc/{,suid_}profile to /system/etc/ for Android (but do not make
the location of /etc configurable); rewrite manpage section about
/etc/{,suid_}profile, .profile, .mkshrc
tg