rpms/ksh
6
0
Fork 0
Code Issues Pull Requests Releases Activity
270fa2c70b
ksh/ksh-1.0.12-security.patch
Vincent Mihalkovic 270fa2c70b Fix arbitrary command execution/code injection bugs 
Resolves: RHEL-99063
2025-08-06 12:37:10 +02:00

808 lines
34 KiB
Diff
Raw Blame History

From 970812e39c236ff385e440ac6d458d196c237667 Mon Sep 17 00:00:00 2001
From: Johnothan King <johnothanking@protonmail.com>
Date: Fri, 13 Jun 2025 16:29:15 -0700
Subject: [PATCH] Fix arbitrary command execution/code injection bugs (#866)
* Security patch part 1
Never use $SHELL or sh.shpath when executing shebang-less scripts
- sh_ntfork(): Removed a misguided optimization that causes ksh to
run scripts without a shebang using the binary pointed to by
either $SHELL or sh.shpath. This has a few problems:
- The shell in sh.shpath or more disastrously in $SHELL has
no guarantee of being identical to the currently running
copy of ksh93 or even existing at all, so using either is
not only bogus, but potentially dangerous.
- The optimization has no ability to pass down the current
POSIX mode status to the script.
- It's only activated for virtual subshells, resulting in
arbitrarily different behavior depending on whether or
not we're in a virtual subshell.
- It does some weird stuff with /dev/fd that seems superfluous,
and also lacks any SHOPT_DEVFD if directive. (Additionally,
if it did have one, that stat(2) would likely become mere
dead code and a waste of context switches.)
The optimization was probably intended to be used for running a
shebang-less script via posix_spawn, which is ostensibly faster
than fork. But this simply isn't possible without risking running
the shebang-less script in a shell environment different from
the current one. (If ksh were updated by the package manager
while ksh is still running, this optimization would cause the
script to run via the new version, rather than the currently
running older version.) The optimization is unfixable by design,
and as such must be removed to ensure correct behavior.
* Security patch part 2 (re: bae02c39)
rm setuid script code leading to arbitrary command execution
Changes:
- Delete code for setuid scripts on "Solaris 2.5+" because it
allows for arbitrary command execution. One millisecond you think
you're launching ksh, the next you're at the mercy of a hijacker.
Example:
SHELL=/bin/ppmflash /bin/ksh -l /dev/fd/0 < <(true)
MANPATH: usage: MANPATH flashfactor [ppmfile]
flashfactor: 0.0 = original picture, 1.0 = total whiteout
The pathshell() code doesn't *seem* to be vulnerable to privilege
escalation, but who knows (cf. CVE-2019-14868; this might need its
own CVE 2025. Maybe pathshell() should be scrapped entirely???)
- Add fickle but functional regression test (you may need to pass
KSH=/bin/ksh or some such to get it to fail against vulnerable
versions of ksh). The test uses a login shell via the -l option,
but the bug *does not* need a login shell. See:
https://github.com/ksh93/ksh/issues/874#issue-3128739066
Modify the execveat reproducer to pass along environ (which
could include a hijacked SHELL), and you're in for a BAD time.
Maybe the deleted code (introduced sometime within the period of 1995
and 1999) was relevant to some Solaris-specific use case or something.
Maybe the erasure even causes an incompatibility. But that code must
go; it's far too dangerous to execv whatever the hell pathshell gives
us during **init**. (Need I bring CVE-2019-14868 back to remembrance
again? This bug has similarities to that one.)
FWIW, all of the regression tests in the ksh and modernish suites pass
with this patch applied.
* Security patch part 3
Delete pathshell() and replace uses of it with safer equivalents
This function is a dangerous attack vector that ought not remain
in the code base. The value returned by astconf() is doubtless
safer than what is returned by pathshell().
* Other changes
The libast pathprog function and prog feature test are now unused,
and are removed.
---
src/cmd/ksh93/include/shell.h | 3 -
src/cmd/ksh93/sh/init.c | 33 +--------
src/cmd/ksh93/sh/main.c | 21 ------
src/cmd/ksh93/sh/path.c | 2 -
src/cmd/ksh93/sh/xec.c | 20 ------
src/cmd/ksh93/tests/basic.sh | 28 ++++++++
src/lib/libast/Mamfile | 29 +-------
src/lib/libast/comp/omitted.c | 2 +-
src/lib/libast/comp/system.c | 48 -------------
src/lib/libast/features/prog | 12 ----
src/lib/libast/include/ast.h | 2 -
src/lib/libast/man/compat.3 | 1 -
src/lib/libast/man/path.3 | 13 ----
src/lib/libast/man/proc.3 | 5 +-
src/lib/libast/misc/cmdarg.c | 2 +-
src/lib/libast/misc/procopen.c | 2 +-
src/lib/libast/path/pathprog.c | 124 --------------------------------
src/lib/libast/path/pathshell.c | 115 -----------------------------
18 files changed, 37 insertions(+), 425 deletions(-)
delete mode 100644 src/lib/libast/comp/system.c
delete mode 100644 src/lib/libast/features/prog
delete mode 100644 src/lib/libast/path/pathprog.c
delete mode 100644 src/lib/libast/path/pathshell.c
diff --git a/src/cmd/ksh93/include/shell.h b/src/cmd/ksh93/include/shell.h
index 0613ceb..9a1b00e 100644
--- a/src/cmd/ksh93/include/shell.h
+++ b/src/cmd/ksh93/include/shell.h
@@ -213,8 +213,6 @@ struct sh_scoped
char **otrapcom; /* save parent EXIT and signals for v=$(trap) */
void *timetrap;
struct Ufunction *real_fun; /* current 'function name' function */
- int repl_index;
- char *repl_arg;
};
struct limits
@@ -255,7 +253,6 @@ struct Shell_s
Namval_t *bltin_nodes;
Namval_t *bltin_cmds;
History_t *hist_ptr;
- char *shpath;
char *user;
char **sigmsg;
char **login_files;
diff --git a/src/cmd/ksh93/sh/init.c b/src/cmd/ksh93/sh/init.c
index f4daaac..58c4e09 100644
--- a/src/cmd/ksh93/sh/init.c
+++ b/src/cmd/ksh93/sh/init.c
@@ -1355,33 +1355,6 @@ Shell_t *sh_init(int argc,char *argv[], Shinit_f userinit)
}
sh.shlvl++;
nv_offattr(SHLVL,NV_IMPORT);
-#if SHOPT_SPAWN
- {
- /*
- * try to find the pathname for this interpreter
- * try using environment variable _ or argv[0]
- */
- char *cp=nv_getval(L_ARGNOD);
- char buff[PATH_MAX+1];
- sh.shpath = 0;
- if((n = pathprog(NULL, buff, sizeof(buff))) > 0 && n <= sizeof(buff))
- sh.shpath = sh_strdup(buff);
- else if((cp && (sh_type(cp)&SH_TYPE_SH)) || (argc>0 && strchr(cp= *argv,'/')))
- {
- if(*cp=='/')
- sh.shpath = sh_strdup(cp);
- else if(cp = nv_getval(PWDNOD))
- {
- int offset = stktell(sh.stk);
- sfputr(sh.stk,cp,'/');
- sfputr(sh.stk,argv[0],-1);
- pathcanon(stkptr(sh.stk,offset),PATH_DOTDOT);
- sh.shpath = sh_strdup(stkptr(sh.stk,offset));
- stkseek(sh.stk,offset);
- }
- }
- }
-#endif
nv_putval(IFSNOD,(char*)e_sptbnl,NV_RDONLY);
astconfdisc(newconf);
#if SHOPT_TIMEOUT
@@ -1394,7 +1367,6 @@ Shell_t *sh_init(int argc,char *argv[], Shinit_f userinit)
#endif
if(argc>0)
{
- int dolv_index;
/* check for restricted shell */
if(type&SH_TYPE_RESTRICTED)
sh_onoption(SH_RESTRICTED);
@@ -1406,10 +1378,7 @@ Shell_t *sh_init(int argc,char *argv[], Shinit_f userinit)
sh_done(0);
}
opt_info.disc = 0;
- dolv_index = (argc - 1) - sh.st.dolc;
- sh.st.dolv = argv + dolv_index;
- sh.st.repl_index = dolv_index;
- sh.st.repl_arg = argv[dolv_index];
+ sh.st.dolv = argv + (argc - 1) - sh.st.dolc;
sh.st.dolv[0] = argv[0];
if(sh.st.dolc < 1)
{
diff --git a/src/cmd/ksh93/sh/main.c b/src/cmd/ksh93/sh/main.c
index 38ae366..712310e 100644
--- a/src/cmd/ksh93/sh/main.c
+++ b/src/cmd/ksh93/sh/main.c
@@ -247,33 +247,12 @@ int sh_main(int ac, char *av[], Shinit_f userinit)
/* open stream should have been passed into shell */
if(strmatch(name,e_devfdNN))
{
-#if !_WINIX
- char *cp;
- int type;
-#endif
fdin = (int)strtol(name+8, NULL, 10);
if(fstat(fdin,&statb)<0)
{
errormsg(SH_DICT,ERROR_system(1),e_open,name);
UNREACHABLE();
}
-#if !_WINIX
- /*
- * try to undo effect of Solaris 2.5+
- * change for argv for setuid scripts
- */
- if(sh.st.repl_index > 0)
- av[sh.st.repl_index] = sh.st.repl_arg;
- if(((type = sh_type(cp = av[0])) & SH_TYPE_SH) && (name = nv_getval(L_ARGNOD)) && (!((type = sh_type(cp = name)) & SH_TYPE_SH)))
- {
- av[0] = (type & SH_TYPE_LOGIN) ? cp : path_basename(cp);
- /* exec to change $0 for ps */
- execv(pathshell(),av);
- /* exec fails */
- sh.st.dolv[0] = av[0];
- fixargs(sh.st.dolv,1);
- }
-#endif
name = av[0];
sh_offoption(SH_VERBOSE);
sh_offoption(SH_XTRACE);
diff --git a/src/cmd/ksh93/sh/path.c b/src/cmd/ksh93/sh/path.c
index 85f44b5..7728df0 100644
--- a/src/cmd/ksh93/sh/path.c
+++ b/src/cmd/ksh93/sh/path.c
@@ -1195,8 +1195,6 @@ pid_t path_spawn(const char *opath,char **argv, char **envp, Pathcomp_t *libpath
errno = ENOEXEC;
if(spawn)
{
- if(sh.subshell)
- return -1;
do
{
if((pid=fork())>0)
diff --git a/src/cmd/ksh93/sh/xec.c b/src/cmd/ksh93/sh/xec.c
index ca67142..003a93c 100644
--- a/src/cmd/ksh93/sh/xec.c
+++ b/src/cmd/ksh93/sh/xec.c
@@ -3417,26 +3417,6 @@ static pid_t sh_ntfork(const Shnode_t *t,char *argv[],int *jobid,int topfd)
job_fork(-1);
jobfork = 1;
spawnpid = path_spawn(path,argv,arge,pp,(grp<<1)|1);
- if(spawnpid < 0 && errno==ENOEXEC)
- {
- char *devfd;
- int fd = open(path,O_RDONLY);
- argv[-1] = argv[0];
- argv[0] = path;
- if(fd>=0)
- {
- struct stat statb;
- sfprintf(sh.strbuf,"/dev/fd/%d",fd);
- if(stat(devfd=sfstruse(sh.strbuf),&statb)>=0)
- argv[0] = devfd;
- }
- if(!sh.shpath)
- sh.shpath = pathshell();
- spawnpid = path_spawn(sh.shpath,&argv[-1],arge,pp,(grp<<1)|1);
- if(fd>=0)
- close(fd);
- argv[0] = argv[-1];
- }
fail:
if(jobfork && spawnpid<0)
job_fork(-2);
diff --git a/src/cmd/ksh93/tests/basic.sh b/src/cmd/ksh93/tests/basic.sh
index ea83b6b..0b02f7c 100755
--- a/src/cmd/ksh93/tests/basic.sh
+++ b/src/cmd/ksh93/tests/basic.sh
@@ -1019,5 +1019,33 @@ do
done
unset testcode
+# ======
+# Hijacking ksh93 via $SHELL for arbitrary command execution during initialization.
+# https://github.com/ksh93/ksh/issues/874
+bindir=$tmp/dir.$RANDOM/bin
+mkdir -p "$bindir"
+echo $'#!/bin/sh\necho "CODE INJECTION"' > "$bindir"/hijack_sh
+chmod +x "$bindir"/hijack_sh
+got=$(set +x; SHELL="$bindir"/hijack_sh "$SHELL" -l <(echo) 2>&1)
+[[ $got =~ "CODE INJECTION" ]] && err_exit 'ksh93 is vulnerable to being hijacked during init via $SHELL' \
+ "(got $(printf %q "$got"))"
+
+# Hijacking ksh93 shebang-less scripts for arbitrary command execution.
+# https://github.com/ksh93/ksh/pull/866
+export bindir
+print 'echo GOOD' > "$bindir/dummy.sh"
+chmod +x "$bindir/dummy.sh"
+cp "$SHELL" "$bindir/hijack_sh"
+exp=$'GOOD\nGOOD'
+got=$("$bindir/hijack_sh" -c $'print $\'\#!/bin/sh\necho HIJACKED\' > "$bindir/hijack_shell"
+chmod +x "$bindir/hijack_shell"
+rm "$bindir/hijack_sh"
+cp "$bindir/hijack_shell" "$bindir/hijack_sh"
+("$bindir/dummy.sh"); "$bindir/dummy.sh"; :')
+rm -r "$bindir"
+unset bindir
+[[ $exp == $got ]] || err_exit 'ksh93 shebang-less scripts are vulnerable to being hijacked for arbitrary code execution' \
+ "(exp $(printf %q "$exp"), got $(printf %q "$got"))"
+
# ======
exit $((Errors<125?Errors:125))
diff --git a/src/lib/libast/Mamfile b/src/lib/libast/Mamfile
index 0a35576..047ab0c 100644
--- a/src/lib/libast/Mamfile
+++ b/src/lib/libast/Mamfile
@@ -972,12 +972,6 @@ make install
done path/pathbin.c
exec - ${CC} ${mam_cc_FLAGS} ${CCFLAGS} -I. -Icomp -Iinclude -Istd -c path/pathbin.c
done pathbin.o generated
- make pathshell.o
- make path/pathshell.c
- prev include/ast.h
- done path/pathshell.c
- exec - ${CC} ${mam_cc_FLAGS} ${CCFLAGS} -I. -Icomp -Iinclude -Istd -c path/pathshell.c
- done pathshell.o generated
make pathcd.o
make path/pathcd.c
make include/stk.h implicit
@@ -988,17 +982,6 @@ make install
done path/pathcd.c
exec - ${CC} ${mam_cc_FLAGS} ${CCFLAGS} -I. -Icomp -Iinclude -Istd -c path/pathcd.c
done pathcd.o generated
- make pathprog.o
- make path/pathprog.c
- make FEATURE/prog implicit
- prev features/prog
- exec - iffe ${IFFEFLAGS} -v -X ast -X std -c "${CC} ${mam_cc_FLAGS} ${CCFLAGS} ${LDFLAGS}" run features/prog
- done FEATURE/prog generated
- prev include/ast_windows.h
- prev include/ast.h
- done path/pathprog.c
- exec - ${CC} ${mam_cc_FLAGS} ${CCFLAGS} -I. -Icomp -Iinclude -Istd -c path/pathprog.c
- done pathprog.o generated
make ftwalk.o
make misc/ftwalk.c
make include/ftwalk.h implicit
@@ -2574,14 +2557,6 @@ make install
done comp/mount.c
exec - ${CC} ${mam_cc_FLAGS} ${CCFLAGS} -I. -Icomp -Iinclude -Istd -c comp/mount.c
done mount.o generated
- make system.o
- make comp/system.c
- prev ast_map.h
- prev include/proc.h
- prev include/ast.h
- done comp/system.c
- exec - ${CC} ${mam_cc_FLAGS} ${CCFLAGS} -I. -Icomp -Iinclude -Istd -c comp/system.c
- done system.o generated
make iblocks.o
make port/iblocks.c
prev include/ls.h
@@ -4425,9 +4400,9 @@ make install
exec - ${CC} ${mam_cc_FLAGS} ${CCFLAGS} -I. -Icomp -Iinclude -Istd -c vmalloc/vmgetmem.c
done vmgetmem.o generated
exec - ${AR} rc libast.a state.o opendir.o readdir.o rewinddir.o seekdir.o telldir.o getcwd.o fastfind.o hashalloc.o hashdump.o hashfree.o hashlast.o hashlook.o hashscan.o hashsize.o hashview.o hashwalk.o memhash.o memsum.o strhash.o strkey.o strsum.o stracmp.o strnacmp.o ccmap.o ccmapid.o ccnative.o chresc.o chrtoi.o
- exec - ${AR} rc libast.a streval.o strexpr.o strmatch.o strcopy.o modei.o modex.o strmode.o strlcat.o strlcpy.o strlook.o strncopy.o strsearch.o strpsearch.o stresc.o stropt.o strtape.o strpcmp.o strnpcmp.o strvcmp.o strnvcmp.o tok.o tokline.o tokscan.o pathaccess.o pathcat.o pathcanon.o pathcheck.o pathpath.o pathexists.o pathfind.o pathicase.o pathkey.o pathprobe.o pathrepl.o pathnative.o pathposix.o pathtemp.o pathtmp.o pathstat.o pathgetlink.o pathsetlink.o pathbin.o pathshell.o pathcd.o pathprog.o ftwalk.o ftwflags.o fts.o astintercept.o conformance.o getenv.o setenviron.o optget.o optjoin.o optesc.o optctx.o strsort.o struniq.o magic.o mime.o mimetype.o signal.o sigflag.o systrace.o error.o errorf.o errormsg.o errorx.o localeconv.o setlocale.o translate.o catopen.o iconv.o lc.o lctab.o mc.o base64.o recfmt.o recstr.o reclen.o fmtrec.o fmtbase.o fmtbuf.o fmtclock.o fmtdev.o fmtelapsed.o fmterror.o fmtesc.o fmtfmt.o fmtfs.o fmtident.o fmtint.o fmtip4.o fmtip6.o fmtls.o fmtmatch.o fmtmode.o fmtnum.o fmtperm.o fmtre.o fmttime.o
+ exec - ${AR} rc libast.a streval.o strexpr.o strmatch.o strcopy.o modei.o modex.o strmode.o strlcat.o strlcpy.o strlook.o strncopy.o strsearch.o strpsearch.o stresc.o stropt.o strtape.o strpcmp.o strnpcmp.o strvcmp.o strnvcmp.o tok.o tokline.o tokscan.o pathaccess.o pathcat.o pathcanon.o pathcheck.o pathpath.o pathexists.o pathfind.o pathicase.o pathkey.o pathprobe.o pathrepl.o pathnative.o pathposix.o pathtemp.o pathtmp.o pathstat.o pathgetlink.o pathsetlink.o pathbin.o pathcd.o ftwalk.o ftwflags.o fts.o astintercept.o conformance.o getenv.o setenviron.o optget.o optjoin.o optesc.o optctx.o strsort.o struniq.o magic.o mime.o mimetype.o signal.o sigflag.o systrace.o error.o errorf.o errormsg.o errorx.o localeconv.o setlocale.o translate.o catopen.o iconv.o lc.o lctab.o mc.o base64.o recfmt.o recstr.o reclen.o fmtrec.o fmtbase.o fmtbuf.o fmtclock.o fmtdev.o fmtelapsed.o fmterror.o fmtesc.o fmtfmt.o fmtfs.o fmtident.o fmtint.o fmtip4.o fmtip6.o fmtls.o fmtmatch.o fmtmode.o fmtnum.o fmtperm.o fmtre.o fmttime.o
exec - ${AR} rc libast.a fmtuid.o fmtgid.o fmtsignal.o fmtscale.o fmttmx.o fmttv.o fmtversion.o strelapsed.o strperm.o struid.o strgid.o strtoip4.o strtoip6.o stack.o stk.o swapget.o swapmem.o swapop.o swapput.o sigdata.o sigcrit.o sigunblock.o procopen.o procclose.o procrun.o procfree.o tmdate.o tmequiv.o tmfix.o tmfmt.o tmform.o tmgoff.o tminit.o tmleap.o tmlex.o tmlocale.o tmmake.o tmpoff.o tmscan.o tmsleep.o tmtime.o tmtype.o tmweek.o tmword.o tmzone.o tmxdate.o tmxduration.o tmxfmt.o tmxgettime.o tmxleap.o tmxmake.o tmxscan.o tmxsettime.o tmxsleep.o tmxtime.o tmxtouch.o tvcmp.o tvgettime.o tvsettime.o tvsleep.o tvtouch.o cmdarg.o vecargs.o vecfile.o vecfree.o vecload.o vecstring.o univdata.o touch.o mnt.o debug.o memccpy.o memchr.o memcmp.o memcpy.o memdup.o memmove.o memset.o mkdir.o mkfifo.o mknod.o rmdir.o remove.o rename.o link.o unlink.o strdup.o strchr.o strrchr.o strstr.o strtod.o strtold.o strtol.o strtoll.o strtoul.o strtoull.o strton.o strtonll.o strntod.o strntold.o strnton.o
- exec - ${AR} rc libast.a strntonll.o strntol.o strntoll.o strntoul.o strntoull.o strcasecmp.o strncasecmp.o strerror.o mktemp.o tmpnam.o fsync.o execlp.o execve.o execvp.o execvpe.o spawnveg.o killpg.o getlogin.o putenv.o setenv.o unsetenv.o lstat.o statvfs.o eaccess.o gross.o omitted.o readlink.o symlink.o getpgrp.o setpgid.o setsid.o fcntl.o open.o atexit.o getdents.o getwd.o dup2.o errno.o getgroups.o mount.o system.o iblocks.o modedata.o tmdata.o memfatal.o sfkeyprintf.o sfdcdio.o sfdcdos.o sfdcfilter.o sfdcseekable.o sfdcslow.o sfdcsubstr.o sfdctee.o sfdcunion.o sfdcmore.o sfdcprefix.o wc.o wc2utf8.o basename.o closelog.o dirname.o fmtmsglib.o fnmatch.o ftw.o getdate.o getsubopt.o glob.o nftw.o openlog.o re_comp.o resolvepath.o realpath.o regcmp.o regexp.o setlogmask.o strftime.o strptime.o swab.o syslog.o tempnam.o wordexp.o mktime.o regalloc.o regclass.o regcoll.o regcomp.o regcache.o regdecomp.o regerror.o regexec.o regfatal.o reginit.o
+ exec - ${AR} rc libast.a strntonll.o strntol.o strntoll.o strntoul.o strntoull.o strcasecmp.o strncasecmp.o strerror.o mktemp.o tmpnam.o fsync.o execlp.o execve.o execvp.o execvpe.o spawnveg.o killpg.o getlogin.o putenv.o setenv.o unsetenv.o lstat.o statvfs.o eaccess.o gross.o omitted.o readlink.o symlink.o getpgrp.o setpgid.o setsid.o fcntl.o open.o atexit.o getdents.o getwd.o dup2.o errno.o getgroups.o mount.o iblocks.o modedata.o tmdata.o memfatal.o sfkeyprintf.o sfdcdio.o sfdcdos.o sfdcfilter.o sfdcseekable.o sfdcslow.o sfdcsubstr.o sfdctee.o sfdcunion.o sfdcmore.o sfdcprefix.o wc.o wc2utf8.o basename.o closelog.o dirname.o fmtmsglib.o fnmatch.o ftw.o getdate.o getsubopt.o glob.o nftw.o openlog.o re_comp.o resolvepath.o realpath.o regcmp.o regexp.o setlogmask.o strftime.o strptime.o swab.o syslog.o tempnam.o wordexp.o mktime.o regalloc.o regclass.o regcoll.o regcomp.o regcache.o regdecomp.o regerror.o regexec.o regfatal.o reginit.o
exec - ${AR} rc libast.a regnexec.o regsubcomp.o regsubexec.o regsub.o regrecord.o regrexec.o regstat.o dtclose.o dtdisc.o dthash.o dtlist.o dtmethod.o dtopen.o dtstat.o dtstrhash.o dttree.o dtuser.o dtview.o dtwalk.o dtnew.o dtcomp.o sfclose.o sfclrlock.o sfdisc.o sfdlen.o sfexcept.o sfgetl.o sfgetu.o sfcvt.o sfecvt.o sffcvt.o sfextern.o sffilbuf.o sfflsbuf.o sfprints.o sfgetd.o sfgetr.o sfllen.o sfmode.o sfmove.o sfnew.o sfpkrd.o sfnotify.o sfnputc.o sfopen.o sfpeek.o sfpoll.o sfpool.o sfpopen.o sfprintf.o sfputd.o sfputl.o sfputr.o sfputu.o sfrd.o sfread.o sfreserve.o sfscanf.o sfseek.o sfset.o sfsetbuf.o sfsetfd.o sfsize.o sfsk.o sfstack.o sfstrtod.o sfsync.o sfswap.o sftable.o sftell.o sftmp.o sfungetc.o sfvprintf.o sfvscanf.o sfwr.o sfwrite.o sfpurge.o sfraise.o sfwalk.o sfgetm.o sfputm.o sfresize.o _sfclrerr.o _sfeof.o _sferror.o _sffileno.o _sfopen.o _sfstacked.o _sfvalue.o _sfgetc.o _sfgetl.o _sfgetl2.o _sfgetu.o _sfgetu2.o _sfdlen.o _sfllen.o _sfslen.o _sfulen.o _sfputc.o _sfputd.o _sfputl.o _sfputm.o
exec - ${AR} rc libast.a _sfputu.o clearerr.o fclose.o fdopen.o fflush.o fgetc.o fgetpos.o fgets.o fopen.o fprintf.o fpurge.o fputs.o fread.o freopen.o fscanf.o fseek.o fseeko.o fsetpos.o ftell.o ftello.o fwrite.o getw.o pclose.o popen.o printf.o putchar.o puts.o putw.o rewind.o scanf.o setbuf.o setbuffer.o setlinebuf.o setvbuf.o snprintf.o sprintf.o sscanf.o asprintf.o vasprintf.o tmpfile.o ungetc.o vfprintf.o vfscanf.o vprintf.o vscanf.o vsnprintf.o vsprintf.o vsscanf.o _doprnt.o _doscan.o _filbuf.o _flsbuf.o _stdopen.o _stdprintf.o _stdscanf.o _stdsprnt.o _stdvbuf.o _stdvsnprnt.o _stdvsprnt.o _stdvsscn.o fgetwc.o fwprintf.o putwchar.o vfwscanf.o wprintf.o fgetws.o fwscanf.o swprintf.o vswprintf.o wscanf.o fputwc.o getwc.o swscanf.o vswscanf.o fputws.o getwchar.o ungetwc.o vwprintf.o fwide.o putwc.o vfwprintf.o vwscanf.o stdio_c99.o fcloseall.o fmemopen.o getdelim.o getline.o frexp.o frexpl.o astcopy.o
exec - ${AR} rc libast.a astconf.o astdynamic.o astquery.o astwinsize.o conftab.o aststatic.o getopt.o getoptl.o aso.o asolock.o asometh.o asorelax.o aso-sem.o aso-fcntl.o vmbest.o vmclear.o vmclose.o vmdcheap.o vmdebug.o vmdisc.o vmlast.o vmopen.o vmpool.o vmprivate.o vmprofile.o vmregion.o vmsegment.o vmset.o vmstat.o vmstrdup.o vmtrace.o vmwalk.o vmmopen.o malloc.o vmgetmem.o
diff --git a/src/lib/libast/comp/omitted.c b/src/lib/libast/comp/omitted.c
index 447990d..3631d39 100644
--- a/src/lib/libast/comp/omitted.c
+++ b/src/lib/libast/comp/omitted.c
@@ -504,7 +504,7 @@ runve(int mode, const char* path, char* const* argv, char* const* envv)
p = v;
*p++ = (char*)path;
*p++ = (char*)path;
- path = (const char*)pathshell();
+ path = "/bin/sh.exe";
if (*argv)
argv++;
while (*p++ = (char*)*argv++);
diff --git a/src/lib/libast/comp/system.c b/src/lib/libast/comp/system.c
deleted file mode 100644
index 64fa7e7..0000000
--- a/src/lib/libast/comp/system.c
+++ /dev/null
@@ -1,48 +0,0 @@
-/***********************************************************************
-* *
-* This software is part of the ast package *
-* Copyright (c) 1985-2011 AT&T Intellectual Property *
-* Copyright (c) 2020-2023 Contributors to ksh 93u+m *
-* and is licensed under the *
-* Eclipse Public License, Version 2.0 *
-* *
-* A copy of the License is available at *
-* https://www.eclipse.org/org/documents/epl-2.0/EPL-2.0.html *
-* (with md5 checksum 84283fa8859daf213bdda5a9f8d1be1d) *
-* *
-* Glenn Fowler <gsf@research.att.com> *
-* David Korn <dgk@research.att.com> *
-* Phong Vo <kpv@research.att.com> *
-* Martijn Dekker <martijn@inlv.org> *
-* Johnothan King <johnothanking@protonmail.com> *
-* *
-***********************************************************************/
-/*
- * AST library system(3)
- */
-
-#define system ______system
-
-#define _STDLIB_H_ 1 /* UWIN workaround */
-
-#include <ast.h>
-#include <proc.h>
-
-#undef system
-
-#undef _def_map_ast
-#include <ast_map.h>
-
-extern int
-system(const char* cmd)
-{
- char* sh[4];
-
- if (!cmd)
- return !eaccess(pathshell(), X_OK);
- sh[0] = "sh";
- sh[1] = "-c";
- sh[2] = (char*)cmd;
- sh[3] = 0;
- return procrun(NULL, sh, 0);
-}
diff --git a/src/lib/libast/features/prog b/src/lib/libast/features/prog
deleted file mode 100644
index 365ce88..0000000
--- a/src/lib/libast/features/prog
+++ /dev/null
@@ -1,12 +0,0 @@
-lib getexecname,_NSGetExecutablePath
-
-tst run{
- for p in /proc/self/exe /proc/self/path/a.out
- do if test -e $p
- then echo "#define _PROC_PROG \"$p\""
- break
- fi
- done
-}end
-
-_hdr_macho_o_dyld = hdr mach-o/dyld
diff --git a/src/lib/libast/include/ast.h b/src/lib/libast/include/ast.h
index 5ec170b..6271677 100644
--- a/src/lib/libast/include/ast.h
+++ b/src/lib/libast/include/ast.h
@@ -373,11 +373,9 @@ extern char* pathpath_20100601(const char*, const char*, int, char*, size_t);
extern size_t pathposix(const char*, char*, size_t);
extern char* pathprobe(char*, char*, const char*, const char*, const char*, int);
extern char* pathprobe_20100601(const char*, const char*, const char*, int, char*, size_t, char*, size_t);
-extern size_t pathprog(const char*, char*, size_t);
extern char* pathrepl(char*, const char*, const char*);
extern char* pathrepl_20100601(char*, size_t, const char*, const char*);
extern int pathsetlink(const char*, const char*);
-extern char* pathshell(void);
extern char* pathtemp(char*, size_t, const char*, const char*, int*);
extern char* pathtmp(char*, const char*, const char*, int*);
extern char* setenviron(const char*);
diff --git a/src/lib/libast/man/compat.3 b/src/lib/libast/man/compat.3
index 7baf287..47c344f 100644
--- a/src/lib/libast/man/compat.3
+++ b/src/lib/libast/man/compat.3
@@ -77,7 +77,6 @@ double strtod(const char*, char**);
long strtol(const char*, char**, int);
int symlink(const char*, const char*);
long sysconf(int);
-int system(const char*);
char* tmpnam(char*);
int unlink(const char*);
int waitpid(pid_t, int*, int);
diff --git a/src/lib/libast/man/path.3 b/src/lib/libast/man/path.3
index 8060763..b9fdacf 100644
--- a/src/lib/libast/man/path.3
+++ b/src/lib/libast/man/path.3
@@ -57,7 +57,6 @@ char* pathpath(char* \fIpath\fP, const char* \fIp\fP, const char* \fIa\fP, i
char* pathprobe(char* \fIpath\fP, char* \fIattr\fP, const char* \fIlang\fP, const char* \fItool\fP, const char* \fIproc\fP, int \fIop\fP);
char* pathrepl(char* \fIpath\fP, const char* \fImatch\fP, const char* \fIreplace\fP);
int pathsetlink(const char* \fItext\fP, char* \fIname\fP);
-char* pathshell(void);
int pathstat(const char* \fIpath\fP, struct stat* \fIst\fP);
char* pathtemp(char* \fIpath\fP, const char* \fIdir\fP, const char* \fIpfx\fP);
.EE
@@ -361,18 +360,6 @@ above for weird
.IR universe (1)
interactions hidden by this routine.
.PP
-.L pathshell
-returns a pointer to the pathname for the shell for the current process.
-The
-.L SHELL
-environment variable is first consulted, but is rejected under suspicious
-ownership/setuid conditions of if it seems to point to
-.IR csh (1) ;
-otherwise
-.L confstr(_CS_SHELL,...)
-is used.
-A valid string is always returned.
-.PP
.L pathstat
first tries
.LI stat( path,st )
diff --git a/src/lib/libast/man/proc.3 b/src/lib/libast/man/proc.3
index a338130..9aa66e9 100644
--- a/src/lib/libast/man/proc.3
+++ b/src/lib/libast/man/proc.3
@@ -80,8 +80,9 @@ If
.I command
is
.L 0
-then the current shell is used (see
-.IR pathshell (3)).
+then the shell returned by
+.IR astconf (3)
+is used.
If
.I envv
is not
diff --git a/src/lib/libast/misc/cmdarg.c b/src/lib/libast/misc/cmdarg.c
index bb4a4e3..6f8b24f 100644
--- a/src/lib/libast/misc/cmdarg.c
+++ b/src/lib/libast/misc/cmdarg.c
@@ -128,7 +128,7 @@ cmdopen_20120411(char** argv, int argmax, int size, const char* argpat, Cmddisc_
x = ARG_MAX;
if (size <= 0 || size > x)
size = x;
- sh = pathshell();
+ sh = astconf("SH", NULL, NULL);
m = n + (argc + 4) * sizeof(char**) + strlen(sh) + 1;
m = roundof(m, sizeof(char**));
if (size < m)
diff --git a/src/lib/libast/misc/procopen.c b/src/lib/libast/misc/procopen.c
index 444f612..7482fcf 100644
--- a/src/lib/libast/misc/procopen.c
+++ b/src/lib/libast/misc/procopen.c
@@ -722,7 +722,7 @@ procopen(const char* cmd, char** argv, char** envv, long* modv, int flags)
*p = path;
*--p = "sh";
}
- strcpy(env + 2, (flags & PROC_PARANOID) ? astconf("SH", NULL, NULL) : pathshell());
+ strcpy(env + 2, astconf("SH", NULL, NULL));
if (forked || (flags & PROC_OVERLAY))
execve(env + 2, p, environ);
#if _use_spawnveg
diff --git a/src/lib/libast/path/pathprog.c b/src/lib/libast/path/pathprog.c
deleted file mode 100644
index 09a6148..0000000
--- a/src/lib/libast/path/pathprog.c
+++ /dev/null
@@ -1,124 +0,0 @@
-/***********************************************************************
-* *
-* This software is part of the ast package *
-* Copyright (c) 1985-2012 AT&T Intellectual Property *
-* Copyright (c) 2020-2023 Contributors to ksh 93u+m *
-* and is licensed under the *
-* Eclipse Public License, Version 2.0 *
-* *
-* A copy of the License is available at *
-* https://www.eclipse.org/org/documents/epl-2.0/EPL-2.0.html *
-* (with md5 checksum 84283fa8859daf213bdda5a9f8d1be1d) *
-* *
-* Glenn Fowler <gsf@research.att.com> *
-* David Korn <dgk@research.att.com> *
-* Phong Vo <kpv@research.att.com> *
-* Martijn Dekker <martijn@inlv.org> *
-* *
-***********************************************************************/
-/*
- * Glenn Fowler
- * AT&T Research
- *
- * return the full path of the current program in path
- * command!=0 is used as a default
- */
-
-#include <ast.h>
-
-#if _WINIX
-#include <ast_windows.h>
-#include <ctype.h>
-#endif
-
-#include "FEATURE/prog"
-
-#if _hdr_macho_o_dyld && _lib__NSGetExecutablePath
-#include <mach-o/dyld.h>
-#else
-#undef _lib__NSGetExecutablePath
-#endif
-
-static size_t
-prog(const char* command, char* path, size_t size)
-{
- ssize_t n;
- char* s;
-#if _WINIX
- char* t;
- char* e;
- int c;
- int q;
-#endif
-#if _lib__NSGetExecutablePath
- uint32_t z;
-#endif
-
-#ifdef _PROC_PROG
- if ((n = readlink(_PROC_PROG, path, size)) > 0 && *path == '/')
- {
- if (n < size)
- path[n] = 0;
- return n;
- }
-#endif
-#if _lib_getexecname
- if ((s = (char*)getexecname()) && *s == '/')
- goto found;
-#endif
-#if _lib__NSGetExecutablePath
- z = size;
- if (!_NSGetExecutablePath(path, &z) && *path == '/')
- return strlen(path);
-#endif
-#if _WINIX
- if (s = GetCommandLine())
- {
- n = 0;
- q = 0;
- t = path;
- e = path + size - 1;
- while (c = *s++)
- {
- if (c == q)
- q = 0;
- else if (!q && c == '"')
- q = c;
- else if (!q && isspace(c))
- break;
- else if (t < e)
- *t++ = c == '\\' ? '/' : c;
- else
- n++;
- }
- if (t < e)
- *t = 0;
- return (t - path) + n;
- }
-#endif
- if (command)
- {
- s = (char*)command;
- goto found;
- }
- return 0;
- found:
- n = strlen(s);
- if (n < size)
- memcpy(path, s, n + 1);
- return n;
-}
-
-size_t
-pathprog(const char* command, char* path, size_t size)
-{
- char* rel;
- ssize_t n;
-
- if ((n = prog(command, path, size)) > 0 && n < size && *path != '/' && (rel = strdup(path)))
- {
- n = pathpath(rel, NULL, PATH_REGULAR|PATH_EXECUTE, path, size) ? strlen(path) : 0;
- free(rel);
- }
- return n;
-}
diff --git a/src/lib/libast/path/pathshell.c b/src/lib/libast/path/pathshell.c
deleted file mode 100644
index 7537c53..0000000
--- a/src/lib/libast/path/pathshell.c
+++ /dev/null
@@ -1,115 +0,0 @@
-/***********************************************************************
-* *
-* This software is part of the ast package *
-* Copyright (c) 1985-2011 AT&T Intellectual Property *
-* Copyright (c) 2020-2023 Contributors to ksh 93u+m *
-* and is licensed under the *
-* Eclipse Public License, Version 2.0 *
-* *
-* A copy of the License is available at *
-* https://www.eclipse.org/org/documents/epl-2.0/EPL-2.0.html *
-* (with md5 checksum 84283fa8859daf213bdda5a9f8d1be1d) *
-* *
-* Glenn Fowler <gsf@research.att.com> *
-* David Korn <dgk@research.att.com> *
-* Phong Vo <kpv@research.att.com> *
-* Martijn Dekker <martijn@inlv.org> *
-* Johnothan King <johnothanking@protonmail.com> *
-* *
-***********************************************************************/
-/*
- * G. S. Fowler
- * D. G. Korn
- * AT&T Bell Laboratories
- *
- * shell library support
- */
-
-#include <ast.h>
-#include <sys/stat.h>
-
-/*
- * return pointer to the full path name of the shell
- *
- * SHELL is read from the environment and must start with /
- *
- * if setuid or setgid then the executable and its containing
- * directory must not be owned by the real user/group
- *
- * root/administrator has its own test
- *
- * astconf("SH",NULL,NULL) is returned by default
- *
- * NOTE: csh is rejected because the bsh/csh differentiation is
- * not done for `csh script arg ...'
- */
-
-#ifdef _WINIX
-# define EXE "?(.exe)"
-#else
-# define EXE
-#endif
-
-char*
-pathshell(void)
-{
- char* sh;
- int ru;
- int eu;
- int rg;
- int eg;
- struct stat st;
-
- static char* val;
-
- if ((sh = getenv("SHELL")) && *sh == '/' && strmatch(sh, "*/(sh|*[!cC]sh)*([[:digit:]])?(-+([.[:alnum:]]))" EXE))
- {
- if (!(ru = getuid()) || !eaccess("/bin", W_OK))
- {
- if (stat(sh, &st))
- goto defshell;
- if (ru != st.st_uid && !strmatch(sh, "?(/usr)?(/local)/?([ls])bin/?([[:lower:]])sh" EXE))
- goto defshell;
- }
- else
- {
- eu = geteuid();
- rg = getgid();
- eg = getegid();
- if (ru != eu || rg != eg)
- {
- char* s;
- char dir[PATH_MAX];
-
- s = sh;
- for (;;)
- {
- if (stat(s, &st))
- goto defshell;
- if (ru != eu && st.st_uid == ru)
- goto defshell;
- if (rg != eg && st.st_gid == rg)
- goto defshell;
- if (s != sh)
- break;
- if (strlen(s) >= sizeof(dir))
- goto defshell;
- strcpy(dir, s);
- if (!(s = strrchr(dir, '/')))
- break;
- *s = 0;
- s = dir;
- }
- }
- }
- return sh;
- }
- defshell:
- if (!(sh = val))
- {
- if (!*(sh = astconf("SH", NULL, NULL)) || *sh != '/' || eaccess(sh, X_OK) || !(sh = strdup(sh)))
- sh = "/bin/sh";
- val = sh;
- }
- return sh;
-}
--
2.50.1
Reference in New Issue View Git Blame Copy Permalink