1996-05-27 01:41:12 +00:00
|
|
|
#!/bin/sh -
|
2005-01-10 08:39:26 +00:00
|
|
|
|
|
|
|
#-
|
1996-05-27 01:41:12 +00:00
|
|
|
# Copyright (c) 1991, 1993
|
|
|
|
# The Regents of the University of California. All rights reserved.
|
|
|
|
#
|
|
|
|
# This code is derived from software contributed to Berkeley by
|
|
|
|
# Kenneth Almquist.
|
|
|
|
#
|
|
|
|
# Redistribution and use in source and binary forms, with or without
|
|
|
|
# modification, are permitted provided that the following conditions
|
|
|
|
# are met:
|
|
|
|
# 1. Redistributions of source code must retain the above copyright
|
|
|
|
# notice, this list of conditions and the following disclaimer.
|
|
|
|
# 2. Redistributions in binary form must reproduce the above copyright
|
|
|
|
# notice, this list of conditions and the following disclaimer in the
|
|
|
|
# documentation and/or other materials provided with the distribution.
|
2017-02-28 23:42:47 +00:00
|
|
|
# 3. Neither the name of the University nor the names of its contributors
|
1996-05-27 01:41:12 +00:00
|
|
|
# may be used to endorse or promote products derived from this software
|
|
|
|
# without specific prior written permission.
|
|
|
|
#
|
|
|
|
# THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
|
|
|
|
# ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
|
|
|
|
# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
|
|
|
|
# ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
|
|
|
|
# FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
|
|
|
|
# DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
|
|
|
|
# OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
|
|
|
|
# HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
|
|
|
|
# LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
|
|
|
|
# OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
|
|
|
|
# SUCH DAMAGE.
|
|
|
|
#
|
|
|
|
# @(#)builtins.def 8.4 (Berkeley) 5/4/95
|
1999-08-27 23:15:48 +00:00
|
|
|
# $FreeBSD$
|
1996-05-27 01:41:12 +00:00
|
|
|
|
|
|
|
#
|
|
|
|
# This file lists all the builtin commands. The first column is the name
|
2006-04-02 18:43:33 +00:00
|
|
|
# of a C routine.
|
|
|
|
# The -j flag specifies that this command is to be excluded from systems
|
|
|
|
# without job control.
|
|
|
|
# The -h flag specifies that this command is to be excluded from systems
|
|
|
|
# based on the NO_HISTORY compile-time symbol.
|
2017-06-04 21:02:48 +00:00
|
|
|
# The -n flag specifies that this command can safely be run in the same
|
|
|
|
# process when it is the only command in a command substitution. Some
|
|
|
|
# commands have special logic defined in safe_builtin().
|
2006-04-02 18:43:33 +00:00
|
|
|
# The -s flag specifies that this is a POSIX 'special built-in' command.
|
|
|
|
# The rest of the line specifies the command name or names used to run the
|
|
|
|
# command. The entry for bltincmd, which is run when the user does not specify
|
|
|
|
# a command, must come first.
|
1996-05-27 01:41:12 +00:00
|
|
|
#
|
|
|
|
# NOTE: bltincmd must come first!
|
|
|
|
|
2017-06-04 21:02:48 +00:00
|
|
|
bltincmd -n builtin
|
2005-12-04 20:01:48 +00:00
|
|
|
aliascmd alias
|
1996-05-27 01:41:12 +00:00
|
|
|
bgcmd -j bg
|
2005-12-04 20:01:48 +00:00
|
|
|
bindcmd bind
|
2006-04-02 18:43:33 +00:00
|
|
|
breakcmd -s break -s continue
|
1996-05-27 01:41:12 +00:00
|
|
|
cdcmd cd chdir
|
2017-06-04 21:02:48 +00:00
|
|
|
commandcmd -n command
|
2006-04-02 18:43:33 +00:00
|
|
|
dotcmd -s .
|
2017-06-04 21:02:48 +00:00
|
|
|
echocmd -n echo
|
2006-04-02 18:43:33 +00:00
|
|
|
evalcmd -s eval
|
|
|
|
execcmd -s exec
|
|
|
|
exitcmd -s exit
|
2011-05-27 20:53:07 +00:00
|
|
|
letcmd let
|
2006-04-02 18:43:33 +00:00
|
|
|
exportcmd -s export -s readonly
|
2001-11-17 19:10:11 +00:00
|
|
|
#exprcmd expr
|
2017-06-04 21:02:48 +00:00
|
|
|
falsecmd -n false
|
1996-05-27 01:41:12 +00:00
|
|
|
fgcmd -j fg
|
wordexp: Rewrite to make WRDE_NOCMD reliable.
Shell syntax is too complicated to detect command substitution and unquoted
operators reliably without implementing much of sh's parser. Therefore, have
sh do this detection.
While changing sh's support anyway, also read input from a pipe instead of
arguments to avoid {ARG_MAX} limits and improve privacy, and output count
and length using 16 instead of 8 digits.
The basic concept is:
execl("/bin/sh", "sh", "-c", "freebsd_wordexp ${1:+\"$1\"} -f "$2",
"", flags & WRDE_NOCMD ? "-p" : "", <pipe with words>);
The WRDE_BADCHAR error is still implemented in libc. POSIX requires us to
fail strings containing unquoted braces with code WRDE_BADCHAR. Since this
is normally not a syntax error in sh, there is still a need for checking
code in libc, we_check().
The new we_check() is an optimistic check that all the characters
<newline> | & ; < > ( ) { }
are quoted. To avoid duplicating too much sh logic, such characters are
permitted when quoting characters are seen, even if the quoting characters
may themselves be quoted. This code reports all WRDE_BADCHAR errors; bad
characters that get past it and are a syntax error in sh return WRDE_SYNTAX.
Although many implementations of WRDE_NOCMD erroneously allow some command
substitutions (and ours even documented this), there appears to be code that
relies on its security (codesearch.debian.net shows quite a few uses).
Passing untrusted data to wordexp() still exposes a denial of service
possibility and a fairly large attack surface.
Reviewed by: wblock (man page only)
MFC after: 2 weeks
Relnotes: yes
Security: fixes command execution with wordexp(untrusted, WRDE_NOCMD)
2015-09-30 21:32:29 +00:00
|
|
|
freebsd_wordexpcmd freebsd_wordexp
|
1996-05-27 01:41:12 +00:00
|
|
|
getoptscmd getopts
|
|
|
|
hashcmd hash
|
2005-12-04 20:01:48 +00:00
|
|
|
histcmd -h fc
|
2017-06-04 21:02:48 +00:00
|
|
|
jobidcmd -n jobid
|
|
|
|
jobscmd -n jobs
|
|
|
|
killcmd -n kill
|
1996-05-27 01:41:12 +00:00
|
|
|
localcmd local
|
2017-06-04 21:02:48 +00:00
|
|
|
printfcmd -n printf
|
|
|
|
pwdcmd -n pwd
|
1996-05-27 01:41:12 +00:00
|
|
|
readcmd read
|
2006-04-02 18:43:33 +00:00
|
|
|
returncmd -s return
|
|
|
|
setcmd -s set
|
1996-05-27 01:41:12 +00:00
|
|
|
setvarcmd setvar
|
2006-04-02 18:43:33 +00:00
|
|
|
shiftcmd -s shift
|
2017-06-04 21:02:48 +00:00
|
|
|
testcmd -n test [
|
|
|
|
timescmd -n -s times
|
2006-04-02 18:43:33 +00:00
|
|
|
trapcmd -s trap
|
2017-06-04 21:02:48 +00:00
|
|
|
truecmd -n -s : true
|
|
|
|
typecmd -n type
|
2005-12-04 20:01:48 +00:00
|
|
|
ulimitcmd ulimit
|
1996-05-27 01:41:12 +00:00
|
|
|
umaskcmd umask
|
|
|
|
unaliascmd unalias
|
2006-04-02 18:43:33 +00:00
|
|
|
unsetcmd -s unset
|
1996-05-27 01:41:12 +00:00
|
|
|
waitcmd wait
|
2002-12-26 14:28:54 +00:00
|
|
|
wordexpcmd wordexp
|