24 Commits

Author SHA1 Message Date
bdrewery
3d82bdb18a Allow defining nofork builtins from builtins.def and move always-safe ones there.
The generated code remains the same.

Reviewed by:	jilles
Differential Revision:	https://reviews.freebsd.org/D11042
2017-06-04 21:02:48 +00:00
imp
7e6cabd06e Renumber copyright clause 4
Renumber cluase 4 to 3, per what everybody else did when BSD granted
them permission to remove clause 3. My insistance on keeping the same
numbering for legal reasons is too pedantic, so give up on that point.

Submitted by:	Jan Schaumann <jschauma@stevens.edu>
Pull Request:	https://github.com/freebsd/freebsd/pull/96
2017-02-28 23:42:47 +00:00
jilles
aca221db9d wordexp: Rewrite to make WRDE_NOCMD reliable.
Shell syntax is too complicated to detect command substitution and unquoted
operators reliably without implementing much of sh's parser. Therefore, have
sh do this detection.

While changing sh's support anyway, also read input from a pipe instead of
arguments to avoid {ARG_MAX} limits and improve privacy, and output count
and length using 16 instead of 8 digits.

The basic concept is:
execl("/bin/sh", "sh", "-c", "freebsd_wordexp ${1:+\"$1\"} -f "$2",
    "", flags & WRDE_NOCMD ? "-p" : "", <pipe with words>);

The WRDE_BADCHAR error is still implemented in libc. POSIX requires us to
fail strings containing unquoted braces with code WRDE_BADCHAR. Since this
is normally not a syntax error in sh, there is still a need for checking
code in libc, we_check().

The new we_check() is an optimistic check that all the characters
  <newline> | & ; < > ( ) { }
are quoted. To avoid duplicating too much sh logic, such characters are
permitted when quoting characters are seen, even if the quoting characters
may themselves be quoted. This code reports all WRDE_BADCHAR errors; bad
characters that get past it and are a syntax error in sh return WRDE_SYNTAX.

Although many implementations of WRDE_NOCMD erroneously allow some command
substitutions (and ours even documented this), there appears to be code that
relies on its security (codesearch.debian.net shows quite a few uses).
Passing untrusted data to wordexp() still exposes a denial of service
possibility and a fairly large attack surface.

Reviewed by:	wblock (man page only)
MFC after:	2 weeks
Relnotes:	yes
Security:	fixes command execution with wordexp(untrusted, WRDE_NOCMD)
2015-09-30 21:32:29 +00:00
jilles
aa5140b7ec sh: Remove the "exp" builtin.
The "exp" builtin is undocumented, non-standard and not very useful.

If exp's return value is not used, something like
VAR=$(exp EXPRESSION)
is equivalent to
VAR=$((EXPRESSION))
except that errors in the expression are fatal and quoting special
characters is not needed in the latter case.

If exp's return value is used, something like
if exp EXPRESSION >/dev/null
can be replaced by
if [ $((EXPRESSION)) -ne 0 ]
with similar differences.

The exp-run showed that "let" is close enough to bash's and ksh's builtin
that removing it would break a few ports. Therefore, "let" remains in 9.x.

PR:		bin/104432
Exp-run done by: pav (with some other sh(1) changes)
2011-05-27 20:53:07 +00:00
jilles
ae2aabc349 sh: Add kill builtin.
This allows specifying a %job (which is equivalent to the corresponding
process group).

Additionally, it improves reliability of kill from sh in high-load
situations and ensures "kill" finds the correct utility regardless of PATH,
as required by POSIX (unless the undocumented %builtin mechanism is used).

Side effect: fatal errors (any error other than kill(2) failure) now return
exit status 2 instead of 1. (This is consistent with other sh builtins, but
not in NetBSD.)

Code size increases about 1K on i386.

Obtained from:	NetBSD
2010-12-21 22:47:34 +00:00
jilles
129853101d sh: Add printf builtin.
This was removed in 2001 but I think it is appropriate to add it back:
* I do not want to encourage people to write fragile and non-portable echo
  commands by making printf much slower than echo.
* Recent versions of Autoconf use it a lot.
* Almost no software still wants to support systems that do not have
  printf(1) at all.
* In many other shells printf is already a builtin.

Side effect: printf is now always the builtin version (which behaves
identically to /usr/bin/printf) and cannot be overridden via PATH (except
via the undocumented %builtin mechanism).

Code size increases about 5K on i386. Embedded folks might want to replace
/usr/bin/printf with a hard link to /usr/bin/alias.
2010-11-19 12:56:13 +00:00
stefanf
0db401540e Use -s to flag POSIX's "special built-in" utilities in builtins.def. Add a
new member to struct builtincmd and set it to 1 if -s was specified.  This
is done because there are cases where special builtins must be treated
differently from other builtins.

Obtained from:	NetBSD (builtins.def part)
2006-04-02 18:43:33 +00:00
stefanf
9efed7168d Sort. 2005-12-04 20:01:48 +00:00
stefanf
2df32c17d3 Remove a few commented out builtins from the original ash. The files
implementing them were never part of FreeBSD.
2005-12-04 19:37:07 +00:00
stefanf
5c1966823e Add the times builtin. It reports the user and system time for the shell
itself and its children.  Instead of calling times() (as implied by POSIX) this
implementation directly calls getrusage() to get the times because this is more
convenient.
2005-12-04 18:44:21 +00:00
imp
a76898b849 /*- or .\"- or #- to begin license clauses. 2005-01-10 08:39:26 +00:00
markm
4383f14801 Remove clause 3 from the UCB licenses.
OK'ed by:	imp, core
2004-04-06 20:06:54 +00:00
tjr
3b9687df3d Add the "wordexp" shell built-in command which will be used to implement
the POSIX wordexp() function.
2002-12-26 14:28:54 +00:00
tjr
f9fd5faa32 Add a `bind' builtin command, which is simply a wrapper around libedit's
builtin command of the same name. This allows the key bindings for the
shell's line editor to be changed.

MFC after:	2 weeks
2002-07-23 11:50:53 +00:00
tjr
bd9024b4d7 Implement the P1003.2 `command' builtin command, which is used to suppress
shell function and alias lookup. The -p option has been implemented, the
UPE -v and -V options have not. The old `command' command has been renamed
to `builtin'.
2002-07-21 06:49:14 +00:00
knu
96265e088e Remove the printf builtin command from sh(1), which command is not
used so often that it's worth keeping it as a builtin.

Now that all the printf invocations from within the system startup
scripts, we can safely remove it.

Urged by:	sheldonh  :)

No MFC is planned so far because it may break compatibility and
violate POLA.
2001-11-20 18:33:59 +00:00
knu
b58a3e4078 Make test(1) a builtin command of our sh(1) for efficiency. The
binary size increase is 3,784 bytes (about 0.6%).

I don't drop the printf builtin while I'm here because some /etc/rc.*
scripts seem to use it before mounting /usr where printf(1) resides.

Reviewed by:	arch (sheldonh)
Inspired by:	NetBSD, ksh
Clued by:	ume (on how the printf builtin is used)
2001-11-17 19:10:11 +00:00
peter
66312e4a8d $Id$ -> $FreeBSD$ 1999-08-27 23:15:48 +00:00
steve
c2743ee837 Turn on the new type builtin. 1997-04-28 03:50:07 +00:00
peter
83b3c2c161 Revert $FreeBSD$ to $Id$ 1997-02-22 14:13:04 +00:00
jkh
808a36ef65 Make the long-awaited change from $Id$ to $FreeBSD$
This will make a number of things easier in the future, as well as (finally!)
avoiding the Id-smashing problem which has plagued developers for so long.

Boy, I'm glad we're not using sup anymore.  This update would have been
insane otherwise.
1997-01-14 07:20:47 +00:00
peter
943436c3c8 re-activate the printf builtin now that src/usr.bin/printf.c has been
tweaked to work as a builtin better (ie: calls the real printf formatting
code, not sh's cut-down out1fmt() function)
1996-10-01 04:59:13 +00:00
peter
5195be912e Merge of 4.4-Lite2 sh source, plus some gcc -Wall cleaning. This is a
merge of parallel duplicate work by Steve Price and myself. :-]

There are some changes to the build that are my fault...  mkinit.c was
trying (poorly) to duplicate some of the work that make(1) is designed to
do.  The Makefile hackery is my fault too, the depend list was incomplete
because of some explicit OBJS+= entries, so mkdep wasn't picking up their
source file #includes.

This closes a pile of /bin/sh PR's, but not all of them..

Submitted by: Steve Price <steve@bonsai.hiwaay.net>, peter
1996-09-01 10:22:36 +00:00
peter
60815f4c29 Import the 4.4BSD-Lite2 /bin/sh sources
Requested by: joerg

(Note, this is mostly going to be conflicts, which is expected.  Our entire
 sh source has a mainline, so this should not change anything except for
 a few new files appearing.  I dont think they are a problem)
1996-05-27 01:41:12 +00:00