freebsd-nq/bin/sh
Jilles Tjoelker 7cca93e61a sh: Do not import IFS's value from the environment.
Per Austin group issue , always set IFS to $' \t\n'. As before, IFS will
be exported iff it was in the environment.

Most shells (e.g. bash, ksh93 and mksh) already did this. This change
improves predictability, in that scripts can simply rely on the default
value.

However, the effect on security is little, since applications should not be
calling the shell with attacker-controlled environment variable names in the
first place and other security-sensitive variables such as PATH should be
and are imported by the shell.

When using a new sh with an old (before 10.2) libc wordexp(), IFS is no
longer passed on. Otherwise, wordexp() continues to pass along IFS from the
environment per its documentation.

Discussed with:	pfg
Relnotes:	yes
2016-10-08 13:40:12 +00:00
..
bltin sh: Fix compiler warnings related to duplicate or missing declarations. 2015-03-01 21:46:55 +00:00
funcs
tests sh: Do not import IFS's value from the environment. 2016-10-08 13:40:12 +00:00
alias.c sh: Don't hash alias name when there are no aliases. 2016-02-21 20:58:24 +00:00
alias.h
arith_yacc.c sh: Remove two redundant (uintmax_t) casts. 2014-08-20 20:15:43 +00:00
arith_yacc.h sh: Fix compiler warnings related to duplicate or missing declarations. 2015-03-01 21:46:55 +00:00
arith_yylex.c sh: Fix compiler warnings related to duplicate or missing declarations. 2015-03-01 21:46:55 +00:00
arith.h
builtins.def wordexp: Rewrite to make WRDE_NOCMD reliable. 2015-09-30 21:32:29 +00:00
cd.c sh: Remove a global variable from cd.c. 2016-01-24 17:01:34 +00:00
cd.h
error.c sh: Fix more compiler warnings related to variable declarations. 2015-03-03 21:21:43 +00:00
error.h sh: Move some code from onint() to onsig(), making onint() noreturn. 2014-12-21 23:09:59 +00:00
eval.c sh: Update associated state when restoring locals while leaving a function. 2016-01-10 16:31:28 +00:00
eval.h sh: Make struct arglist an array instead of a linked list. 2015-10-11 21:33:00 +00:00
exec.c sh: Fix copying uninitialized field 'special'. 2016-03-13 22:54:14 +00:00
exec.h
expand.c sh: Fix a clang warning. 2016-07-31 13:11:34 +00:00
expand.h sh: Perform pathname generation during the first expansion phases. 2015-12-31 18:47:54 +00:00
histedit.c sh: Fix some dead stores. 2016-03-06 17:24:02 +00:00
input.c sh: Fix set -v and multiline history after r295825. 2016-02-23 22:44:01 +00:00
input.h sh: Remove arbitrary length limit on << EOF markers. 2014-09-14 16:46:30 +00:00
jobs.c sh: Don't trust that signal descriptions fit within 49 bytes. 2016-03-02 21:24:46 +00:00
jobs.h sh: Fix race condition with signals and wait or set -T. 2013-09-02 21:57:46 +00:00
mail.c sh: Prefer "" to nullstr where possible. 2015-02-15 21:47:43 +00:00
mail.h
main.c sh: Add more necessary INTOFF/INTON. 2014-05-09 13:27:30 +00:00
main.h
Makefile WITH_META_MODE: Don't expect meta files for side-effect generated files. 2016-06-03 19:25:41 +00:00
Makefile.depend DIRDEPS_BUILD: Regenerate without local dependencies. 2016-02-24 17:20:11 +00:00
memalloc.c sh: Add stsavestr(), like savestr() but allocates using stalloc(). 2015-02-15 21:41:29 +00:00
memalloc.h sh: Add stsavestr(), like savestr() but allocates using stalloc(). 2015-02-15 21:41:29 +00:00
miscbltin.c sh: Improve descriptions in 'ulimit -a' output. 2016-06-05 16:09:31 +00:00
mkbuiltins sh: Reduce size of builtins table. 2016-01-03 21:30:22 +00:00
mknodes.c sh/mknodes: Close files and check for errors when writing. 2015-12-20 16:40:36 +00:00
mksyntax.c sh: Fix more compiler warnings related to variable declarations. 2015-03-03 21:21:43 +00:00
mktokens sh: Fix compiler warnings related to duplicate or missing declarations. 2015-03-01 21:46:55 +00:00
myhistedit.h
mystring.c sh: Reject integer overflow in number and is_number. 2014-08-17 16:40:29 +00:00
mystring.h sh: Remove prefix() function. Use strncmp() instead. 2014-07-20 12:06:52 +00:00
nodes.c.pat sh: Remove global state from nodes.c. 2015-11-24 22:47:19 +00:00
nodetypes sh: Prefer "" to nullstr where possible. 2015-02-15 21:47:43 +00:00
options.c sh: Avoid out-of-bounds access in setoptionbyindex() for 'set -o nolog'. 2016-03-09 21:00:57 +00:00
options.h sh: Simplify some code related to positional parameters. 2016-01-19 22:41:26 +00:00
output.c sh: Make sure output suitable as shell input is also printable. 2014-12-14 16:26:19 +00:00
output.h
parser.c The (i < PROMPTLEN - 1) test added by r300442 in the code for the default 2016-06-01 16:56:29 +00:00
parser.h wordexp: Rewrite to make WRDE_NOCMD reliable. 2015-09-30 21:32:29 +00:00
redir.c sh: Don't allocate a redirtab if there are no redirections. 2016-01-30 21:21:25 +00:00
redir.h
sh.1 sh: Do not import IFS's value from the environment. 2016-10-08 13:40:12 +00:00
shell.h
show.c sh: Prefer memcpy() to strcpy() in most cases. Remove the scopy macro. 2013-11-30 21:27:11 +00:00
show.h
TOUR
trap.c sh: Fix use-after-free if a trap replaces itself. 2016-03-28 18:58:40 +00:00
trap.h sh: Move some code from onint() to onsig(), making onint() noreturn. 2014-12-21 23:09:59 +00:00
var.c sh: Do not import IFS's value from the environment. 2016-10-08 13:40:12 +00:00
var.h sh: Make struct arglist an array instead of a linked list. 2015-10-11 21:33:00 +00:00