[Toybox] [PATCH] sh: pass "\" to the later app
Chet Ramey
chet.ramey at case.edu
Fri Jul 7 13:43:01 PDT 2023
On 7/7/23 3:29 PM, enh wrote:
> cd is a weird one. The v7 Bourne shell exited the shell if the directory
> argument didn't exist, and that didn't change until SVR4.2,
>
>
> and people complain unix isn't user-friendly... :-)
Ha. Sometimes they write books on the subject.
> > I know there's the "this
> > may syntax error and exit the shell" distinction but don't ask me
> how set or
> > true are supposed to do that.
>
> set exits the shell on an invalid option and was special in the Bourne
> shell; true isn't a special builtin.
>
> (I _think_ they added set here because set -u can
> > cause a shell error later? Maybe? But then why unset?
>
> Well, unset didn't exist in the 7th edition shell, but it's special
> in the SVR4 shell. It can only fail if asked to unset a readonly
> variable or one of the shell's non-unsettable variables. It takes no
> options, does no argument checking for invalid identifiers, and unsetting
> a variable that's not set isn't an error, but when asked to unset a
> variable the shell says you can't, the shell exits.
>
> I think POSIX made unset a special builtin because the SVR4 sh did and
> so it would be found in the command search before a function. That gets
> important when you're trying to write a secure script,
>
>
> did the v7 bourne shell just not know whether it was interactive or not?
Of course it did.
> (because, yeah, this kind of thing makes a lot more sense as an early `set
> -e`. but i can't imagine using this interactively!)
The 7th edition shell doesn't exit if it's interactive and a special
builtin fails, that wouldn't make any sense at all. Interactive shells
just abort the command and jump back to the main command loop. It's the
same in POSIX.
The 7th edition shell did have `set -e'; Bourne put it in for `make'.
> Yeah, there's a ways to go.
>
> https://lists.gnu.org/archive/html/help-bash/2023-06/msg00117.html
> <https://lists.gnu.org/archive/html/help-bash/2023-06/msg00117.html>
>
> They mess up the simple stuff.
>
>
> define "mess up"...
Maybe "mess up" was too strong. I think it's rude to send a fatal signal if
you have the function. Either don't provide it or make it return -1/ENOSYS.
Android is by no means the only place this is a problem; it happens with
docker all the time:
https://lists.gnu.org/archive/html/bug-bash/2022-03/msg00010.html
> Android deliberately has strict seccomp filters for
> apps, and the syscalls mentioned in that post are on the "no" list. Android
> gives each _app_ a different uid, so there's typically nothing useful you
> can do here anyway. (things are a bit different if you're actually part of
> the OS, but bash being GPL makes that unlikely :-( )
Sure. But if you have the function, bash assumes it works as documented in
the rest of the Linux world.
> (yes, i agree that it's mildly unfortunate that there's no special case for
> "i don't actually want to change anything", which i think is the case
> they're talking about in that post, and i've wondered about adding that to
> libc once or twice, but my feeling is that it wouldn't be particularly
> useful in practice because _that_ kind of code probably needs a rethink
> anyway when porting to Android.)
I just added code to bash that doesn't try to call setresuid/setresgid if
nothing is actually changing, which will save a couple calls everywhere.
But killing the process is rude.
> but, yeah, "security" and "self-hosting" aren't exactly friends ... the 1%
> bad guys being the reason we can't have nice things, as usual. (executing
> code off a writable filesystem being frowned upon.)
Oh, I get it.
> Thorsten would be happy for android to keep using mksh, I'm sure.
>
>
> (and i'm going to have a lot of fun dealing with compatibility issues
> if/when we move /bin/sh over...)
You know you will, it's best to start looking forward to it now.
Chet
--
``The lyf so short, the craft so long to lerne.'' - Chaucer
``Ars longa, vita brevis'' - Hippocrates
Chet Ramey, UTech, CWRU chet at case.edu http://tiswww.cwru.edu/~chet/
More information about the Toybox
mailing list