On Mon, Apr 30, 2001 at 05:44:46PM -0400, Matt Zimmerman wrote:
> > I could read that as requiring that if IFS is unset, then you get
> > "" if you inspect its value, NOT the null string.
>
> I have to disagree with this interpretation. The sentence above specifies
> that "the shell will behave _
On Thu, May 03, 2001 at 04:36:43PM +0300, Shaul Karl wrote:
[...]
> [16:24:46 tmp]$ bash -c 'echo x-${IFS}-x'
> x- -x
>
> Ah, something might be wrong with the above tests:
Right. The invoked shell will expand ${IFS} to a string that happens
to be whitespace, then parse the line as an "echo" com
On Thu, May 03, 2001 at 02:30:28PM -0500, Raja R Harinath wrote:
>
> Maybe you want
>
> sh -c 'echo "x-${IFS}-x"'
>
> Both Solaris 2.6 /bin/sh and Linux bash seem to have IFS set.
>
> $ /bin/sh -c 'echo "x-${IFS}-x"'
> x-
> -x
>
Identical behavior with zsh from unstable here.
--
-> -/-
Shaul Karl <[EMAIL PROTECTED]> writes:
> Russ Allbery <[EMAIL PROTECTED]> writes:
> > windlord:~> printenv IFS
> > windlord:~> /bin/sh -c 'echo x-${IFS}-x'
> > x- -x
> > windlord:~> uname -a
> > SunOS windlord.stanford.edu 5.6 Generic_105181-19 sun4u sparc SUNW,Ultra-1
> >
> > Looks set to me, alt
> Herbert Xu <[EMAIL PROTECTED]> writes:
>
> > Not only does that show that Solaris 2.6's shell does not set IFS,
>
> windlord:~> printenv IFS
> windlord:~> /bin/sh -c 'echo x-${IFS}-x'
> x- -x
> windlord:~> uname -a
> SunOS windlord.stanford.edu 5.6 Generic_105181-19 sun4u sparc SUNW,Ultra-1
>
On Wed, 2 May 2001 23:22:29 -0700
"Zack Weinberg" <[EMAIL PROTECTED]> wrote:
> Okay, I'll concede that this exploit is only theoretical on Linux at
> this time.
Remember what was on the L0pht website...
"L0pht, making the throetical practical since [some year I care not to
remember]"
This proba
> > > Get a clue, Linux does not allow setuid scripts.
> >
> > Irrelevant. Look up IFS in a bugtraq archive.
> > I shan't do your homework for you.
>
> I did. And guess what, I didn't find one single exploit regarding this
> on Linux. Interestingly, I found one exploit that relied on IFS to be
Mark Brown <[EMAIL PROTECTED]> wrote:
> On Wed, May 02, 2001 at 07:09:46PM +1000, Herbert Xu wrote:
>> There are only two reasons that a change goes into ash. It's either for
>> standard-compliance or optimisation.
> If you wish to make a version of ash which is minimally-compliant it
> would pr
On Wed, May 02, 2001 at 07:09:46PM +1000, Herbert Xu wrote:
> Perhaps because we need a POSIX compliant shell?
> There are only two reasons that a change goes into ash. It's either for
> standard-compliance or optimisation.
If you wish to make a version of ash which is minimally-compliant it
wo
Sean 'Shaleh' Perry <[EMAIL PROTECTED]> wrote:
> more importantly (to me anyways) is the question of why do we ship an ash that
> is completely different from the one the netbsd (upstream) and RH (another
> packager).
Perhaps because we need a POSIX compliant shell?
There are only two reasons th
Herbert Xu <[EMAIL PROTECTED]> writes:
> Not only does that show that Solaris 2.6's shell does not set IFS,
windlord:~> printenv IFS
windlord:~> /bin/sh -c 'echo x-${IFS}-x'
x- -x
windlord:~> uname -a
SunOS windlord.stanford.edu 5.6 Generic_105181-19 sun4u sparc SUNW,Ultra-1
Looks set to me, alt
> The autoconf folks try very hard to write portable code. They go to
> ridiculous lengths to support every major flavour of OS, compiler,
> make, and shell. Indeed, Zack's tests show that only the recent ash
> behaves differently.
>
more importantly (to me anyways) is the question of why do we
On Wed, May 02, 2001 at 07:34:31AM +1000, Herbert Xu wrote:
> Steve M. Robbins <[EMAIL PROTECTED]> wrote:
>
> > It is likely that the folks who wrote autoconf did not invent this
> > idiom for setting and re-setting $IFS. They probably borrowed the
> > idea from existing shell code, meaning that
Zack Weinberg <[EMAIL PROTECTED]> wrote:
> in the environment, and which postdates 4.4BSD and SVR4, and I'll shut
> up. The burden is on you to do this. I believe I have adequately
Well thanks to a bug in Netscape, I went to its search page instead of
whatever I was trying to open, and the my c
Steve M. Robbins <[EMAIL PROTECTED]> wrote:
> It is likely that the folks who wrote autoconf did not invent this
> idiom for setting and re-setting $IFS. They probably borrowed the
> idea from existing shell code, meaning that the "breakage", as you put
> it, will be widespread indeed.
Please re
On Tue, May 01, 2001 at 06:15:41PM +1000, Herbert Xu wrote:
> On Mon, Apr 30, 2001 at 07:48:07PM -0700, Zack Weinberg wrote:
> > I can keep this up just as long as you can.
>
> Everyone around here knows that I just love this game.
Children!
> In any case, your script is still broken. I'm o
severity 95430 normal
quit
On Mon, Apr 30, 2001 at 07:48:07PM -0700, Zack Weinberg wrote:
> severity 95430 critical
> quit
>
> I can keep this up just as long as you can.
Everyone around here knows that I just love this game.
> > > (tests) ... except that ash does honor IFS from the environment
Alan Shutko <[EMAIL PROTECTED]> writes:
> There are billions and billions of ways you can tweak environment
> variables to break shell scripts that don't bother. What's your
> point? If I can tweak IFS to change parsing, I can also tweak PATH.
So far, all I've come up with are programs passing
Zack Weinberg <[EMAIL PROTECTED]> writes:
> Irrelevant. Look up IFS in a bugtraq archive.
> I shan't do your homework for you.
You're reporting a bug. The standards say this isn't a requirement or
a problem. Prove your case or at least take it to private email.
There are billions and billions
severity 95430 critical
quit
I can keep this up just as long as you can.
...
> > (tests) ... except that ash does honor IFS from the environment. You
> > realize that this is a gaping security hole, even if IFS is only used
> > to split the results of expansion? You realize that it is trivial t
severity 95430 wishlist
quit
On Mon, Apr 30, 2001 at 06:35:53PM -0700, Zack Weinberg wrote:
>
> (tests) ... except that ash does honor IFS from the environment. You
> realize that this is a gaping security hole, even if IFS is only used
> to split the results of expansion? You realize that it i
Zack Weinberg <[EMAIL PROTECTED]> writes:
> Uh, no it can't. I'm talking about self-contained shell scripts,
> not functions. IFS does not inherit through the environment.
> Self-contained scripts can count on its being set to
> "" when execution begins.
Says who?
SUS says:
IFS
Input
[EMAIL PROTECTED] on Tue, May 01, 2001 at 07:30:14AM +1000
# Let's try this again
reopen 95430
severity 95430 critical
retitle 95430 [SECURITY] ash honors IFS in environment
quit
On Tue, May 01, 2001 at 07:30:14AM +1000, Herbert Xu wrote:
>
> > I have consulted the Single Unix Standard and can f
On Mon, Apr 30, 2001 at 06:34:19PM -0400, Ben Darnell wrote:
> This thread is directed at the wrong bug number - the discussion is about
> #95430, but the messages are going to #95420. Please adjust the recipients
> appropriately in your replies.
My apologies, I mistyped the bug number.
zw
cking System" <[EMAIL PROTECTED]>
Cc: <[EMAIL PROTECTED]>;
Sent: Monday, April 30, 2001 3:16 PM
Subject: Bug#95420: Bug#95430 acknowledged by developer (Re: Bug#95430: ash:
word-splitting changes break shell scripts)
> reopen 95420
> quit
>
> ...
> > On Fr
Matt Zimmerman <[EMAIL PROTECTED]> wrote:
> Of course, it seems that this behavior is different from that of traditional
> Bourne shell implementations, so I think I have to agree that ash should avoid
> diverging from tradition in order to adhere to a relatively new standard.
I will probably cha
On Mon, Apr 30, 2001 at 12:16:16PM -0700, Zack Weinberg wrote:
> [whose words are these? unattributed in your mail]
> > Sorry, but this is broken. This assumes that IFS is set to begin with
> > which may not be the case.
>
> I have consulted the Single Unix Standard and can find only dubious
> j
Zack Weinberg <[EMAIL PROTECTED]> wrote:
>> On Fri, Apr 27, 2001 at 12:22:18AM -0700, Zack Weinberg wrote:
>> >
>> > ash 0.3.8-1 incorporates changes in word splitting which break common
>> > shell scripts, such as /usr/bin/mktexpk and the 'mklibgcc' script used
>> > when compiling GCC.
>> >
>> >
reopen 95420
quit
...
> On Fri, Apr 27, 2001 at 12:22:18AM -0700, Zack Weinberg wrote:
> >
> > ash 0.3.8-1 incorporates changes in word splitting which break common
> > shell scripts, such as /usr/bin/mktexpk and the 'mklibgcc' script used
> > when compiling GCC.
> >
> > #! /bin/ash
> > OIFS=$IF
29 matches
Mail list logo
