On Wed, Jun 27, 2007 at 01:45:07AM +0200, Roland Mainz wrote:
> Nicolas Williams wrote:
> > But will ksh or ksh93 know that this script must not source $ENV?
>
> Erm, I don't know what's the correct behaviour for Solaris ksh88... but
> for ksh93 it's clearly defined that ${ENV} and /etc/ksh.kshrc are only
> sourced for _interactive_ shell sessions by default - and that excludes
> non-interactive scripts.
Right, and I'd forgotten that, and when I glanced at the manpage,
nervous that I'd might have missed a ksh option that's important for
setuid scripts, it was not obvious that this was indeed the case.
> > Apparently ksh won't source it anyways; this was not clear from the man
> > page.
> >
> > Note that in the RBAC profile for this script the script gets run with
> > privs=all, not euid=0, so checking that euid == uid is not sufficient.
>
> What do you mean with that ?
Read the part of the script that deals with the 'setup' sub-command.
> > As you can see the script quotes user arguments throughout. It's
> > probably secure -- what I meant is that I make no guarantees about this
> > script :)
>
> Yes... I saw that... and I realised that the new ksh93 getopts, pattern
> matching (e.g. [[ "${pat}" == ~(Ei).*myregex.* ]] to replace something
> like [ "$(echo "${pat}" | egrep -i ".*myregex.*")" != "" ] ) and
> associative arrays (e.g. use string as index instead of numbers) would
> be usefull for this script.
Indeed. I can't tell you how many times I've wished that Solaris had
had ksh93 back in, well, 1993 :) Although, I must say that I *like* KSH
globs quite a bit, enough so that I'd not resort to regexps in a ksh93
script unless I had to match patterns that were not easily expressible
as KSH globs. And I like KSH variable substitution transformations like
${var%<pattern>} and so on (though, again, I wish ksh88 had a few more
extensions of that sort).
Nico
--
_______________________________________________
zfs-discuss mailing list
zfs-discuss@opensolaris.org
http://mail.opensolaris.org/mailman/listinfo/zfs-discuss
