Groups | Search | Server Info | Keyboard shortcuts | Login | Register [http] [https] [nntp] [nntps]
Groups > gnu.bash.bug > #15451
| Path | csiph.com!xmission!news.snarked.org!news.linkpendium.com!news.linkpendium.com!panix!usenet.stanford.edu!not-for-mail |
|---|---|
| From | Ilkka Virta <itvirta@iki.fi> |
| Newsgroups | gnu.bash.bug |
| Subject | Re: shebang-less script execution not resetting some options |
| Date | Wed, 2 Oct 2019 13:49:58 +0300 |
| Lines | 79 |
| Approved | bug-bash@gnu.org |
| Message-ID | <mailman.738.1570013420.2651.bug-bash@gnu.org> (permalink) |
| References | <CAMu=BrpjDvF9Rz=JFaGoxV5AwjRoq=aC1htaybVz_kPFsDinbA@mail.gmail.com> <5D9334F8.3090503@tlinx.org> <20191001124135.GJ28751@eeg.ccf.org> <5D9477C6.2000002@tlinx.org> <895e1eb5-d3be-c6fe-8e12-b98765a2b167@iki.fi> |
| NNTP-Posting-Host | lists.gnu.org |
| Mime-Version | 1.0 |
| Content-Type | text/plain; charset=utf-8; format=flowed |
| Content-Transfer-Encoding | 7bit |
| X-Trace | usenet.stanford.edu 1570013420 28253 209.51.188.17 (2 Oct 2019 10:50:20 GMT) |
| X-Complaints-To | action@cs.stanford.edu |
| To | L A Walsh <bash@tlinx.org>, bug-bash@gnu.org |
| Envelope-to | bug-bash@gnu.org |
| User-Agent | Mozilla/5.0 (Macintosh; Intel Mac OS X 10.11; rv:60.0) Gecko/20100101 Thunderbird/60.9.0 |
| In-Reply-To | <5D9477C6.2000002@tlinx.org> |
| Content-Language | en-US |
| X-SASI-RCODE | 200 |
| DKIM-Signature | v=1; a=rsa-sha256; c=relaxed/relaxed; d=iki.fi; h=subject:to:references:from:message-id:date:mime-version:in-reply-to:content-type:content-transfer-encoding; s=smtp; bh=t9fjUcP+wIaweQMU4752TUDjCVV0ecNzdTOqH4tmJdo=; b=ajK5RxDmCBeosjdqkFz9xPn46FJlYbo87NqPsszGGxQa/FRbwsd1OSrbtDTROlMvJVJQjSPP3H57U33tUJeGQYHO0nDU1Azu5uChQPxYkKDLHKGRs5jLIyvbnVylQH4r6qlY+Uk2N3k6DvZw8PvveZDCDEeh7gU5BQ61azwtqvXFoPBwvl7ZvgZNvWkobZwdOQ4ORxucEL0DT3ozxSlSOxj8mZaEPq8yr3zHVrSlno1MQNnLIXr0PreAenPXaq012cOeXIjJOdAUOzT0LBz9/LZLYNzKBPXI6CPz7M6AIfwqRSsoEarImuLEhlpIwQV0ybzhihO6j2Ae6wWYf418Iw== |
| X-detected-operating-system | by eggs.gnu.org: FreeBSD 8.x [fuzzy] |
| X-Received-From | 157.24.2.104 |
| X-BeenThere | bug-bash@gnu.org |
| X-Mailman-Version | 2.1.23 |
| Precedence | list |
| List-Id | Bug reports for the GNU Bourne Again SHell <bug-bash.gnu.org> |
| List-Unsubscribe | <https://lists.gnu.org/mailman/options/bug-bash>, <mailto:bug-bash-request@gnu.org?subject=unsubscribe> |
| List-Archive | <https://lists.gnu.org/archive/html/bug-bash> |
| List-Post | <mailto:bug-bash@gnu.org> |
| List-Help | <mailto:bug-bash-request@gnu.org?subject=help> |
| List-Subscribe | <https://lists.gnu.org/mailman/listinfo/bug-bash>, <mailto:bug-bash-request@gnu.org?subject=subscribe> |
| X-Mailman-Original-Message-ID | <895e1eb5-d3be-c6fe-8e12-b98765a2b167@iki.fi> |
| X-Mailman-Original-References | <CAMu=BrpjDvF9Rz=JFaGoxV5AwjRoq=aC1htaybVz_kPFsDinbA@mail.gmail.com> <5D9334F8.3090503@tlinx.org> <20191001124135.GJ28751@eeg.ccf.org> <5D9477C6.2000002@tlinx.org> |
| Xref | csiph.com gnu.bash.bug:15451 |
Show key headers only | View raw
On 2.10. 13:11, L A Walsh wrote:
> On 2019/10/01 05:41, Greg Wooledge wrote:
>> On Tue, Oct 01, 2019 at 04:14:00AM -0700, L A Walsh wrote:
>>
>>> On 2019/09/30 14:39, Grisha Levit wrote:
>>>
>>>> A few of the recently-added shopt options aren't getting reset when
>>>> running a shebang-less script, this should fix it up:
>>>>
>>>>
>>> Suppose the shebang-less script is being run by an earlier version
>>> of bash. Won't the new patch radically change the behavior of of
>>> such programs?
>>>
>>
>> Bash allows a child of itself (a subshell) to read the commands.
>> GNU find -exec uses /bin/sh to run it.
>> zsh and csh both use /bin/sh to run it, I think.
>>
> ----
> So if a user has 'rbash' in /etc/passwd, they might get a real shell
> because various programs ignore what /etc/passwd says?
>
> Um....I suppose no one cares for one reason or another.
-------
2.9 Shell Commands
Command Search and Execution
If the command name does not contain any <slash> characters, the first
successful step in the following sequence shall occur:
[a to d: functions, special builtins, stuff like that]
e. Otherwise, the command shall be searched for using the PATH
environment variable
[...]
b. Otherwise, the shell executes the utility in a separate utility
environment (see Shell Execution Environment) with actions
equivalent to calling the execl() function...
If the execl() function fails due to an error equivalent to the
[ENOEXEC] [...] the shell shall execute a command equivalent to
having a shell invoked with the pathname resulting from the
search as its first operand, [...]
[
https://pubs.opengroup.org/onlinepubs/9699919799.2018edition/utilities/V3_chap02.html#tag_18_09_01_01
]
-----
I think that last sentence above is the relevant part. The standard only
says to "invoke a shell". It doesn't say which shell, probably because
it only specifies one.
Incidentally, it doesn't really specify the hashbang either. As far as I
can tell, it only mentions it as one of two ways that implementations
have "historically" recognized shell scripts. (The above being the other.)
[
https://pubs.opengroup.org/onlinepubs/9699919799.2018edition/functions/execl.html
]
As for rbash, does it matter? If you let a user exec() something,
they'll get that binary, or the interpreter specified in the hashbang if
it's a script. The kernel doesn't look at /etc/passwd to recognize rbash
or such either, so if you want to restrict a user from launching
particular commands, you'll have to do it before exec() is attempted.
That is to say, don't let those users run (other) unrestricted shells,
or any of the various programs that allow forking off other programs,
including find, xargs, many editors, etc.
--
Ilkka Virta / itvirta@iki.fi
Back to gnu.bash.bug | Previous | Next | Find similar | Unroll thread
Re: shebang-less script execution not resetting some options Ilkka Virta <itvirta@iki.fi> - 2019-10-02 13:49 +0300
csiph-web