mirror of
https://git.hardenedbsd.org/hardenedbsd/HardenedBSD.git
synced 2024-12-20 23:54:38 +01:00
sh: Do not import IFS's value from the environment.
Per Austin group issue #884, always set IFS to $' \t\n'. As before, IFS will be exported iff it was in the environment. Most shells (e.g. bash, ksh93 and mksh) already did this. This change improves predictability, in that scripts can simply rely on the default value. However, the effect on security is little, since applications should not be calling the shell with attacker-controlled environment variable names in the first place and other security-sensitive variables such as PATH should be and are imported by the shell. When using a new sh with an old (before 10.2) libc wordexp(), IFS is no longer passed on. Otherwise, wordexp() continues to pass along IFS from the environment per its documentation. Discussed with: pfg Relnotes: yes
This commit is contained in:
parent
45571f8886
commit
7cca93e61a
Notes:
svn2git
2020-12-20 02:59:44 +00:00
svn path=/head/; revision=306843
@ -32,7 +32,7 @@
|
||||
.\" from: @(#)sh.1 8.6 (Berkeley) 5/4/95
|
||||
.\" $FreeBSD$
|
||||
.\"
|
||||
.Dd May 30, 2016
|
||||
.Dd October 8, 2016
|
||||
.Dt SH 1
|
||||
.Os
|
||||
.Sh NAME
|
||||
@ -1349,13 +1349,13 @@ used in tilde expansion and as a default directory for the
|
||||
built-in.
|
||||
.It Va IFS
|
||||
Input Field Separators.
|
||||
The default value is
|
||||
This is initialized at startup to
|
||||
.Aq space ,
|
||||
.Aq tab ,
|
||||
and
|
||||
.Aq newline
|
||||
in that order.
|
||||
This default also applies if
|
||||
This value also applies if
|
||||
.Va IFS
|
||||
is unset, but not if it is set to the empty string.
|
||||
See the
|
||||
|
@ -9,6 +9,7 @@ ATF_TESTS_SH= functional_test
|
||||
|
||||
${PACKAGE}FILES+= env1.0
|
||||
${PACKAGE}FILES+= exitstatus1.0
|
||||
${PACKAGE}FILES+= ifs1.0
|
||||
${PACKAGE}FILES+= mail1.0
|
||||
${PACKAGE}FILES+= mail2.0
|
||||
${PACKAGE}FILES+= optind1.0
|
||||
|
10
bin/sh/tests/parameters/ifs1.0
Normal file
10
bin/sh/tests/parameters/ifs1.0
Normal file
@ -0,0 +1,10 @@
|
||||
# $FreeBSD$
|
||||
|
||||
env IFS=_ ${SH} -c '
|
||||
rc=2
|
||||
nosuchtool_function() {
|
||||
rc=0
|
||||
}
|
||||
v=nosuchtool_function
|
||||
$v && exit "$rc"
|
||||
'
|
@ -186,6 +186,7 @@ initvar(void)
|
||||
}
|
||||
}
|
||||
setvareq_const("OPTIND=1", 0);
|
||||
setvareq_const("IFS= \t\n", 0);
|
||||
}
|
||||
|
||||
/*
|
||||
|
Loading…
Reference in New Issue
Block a user