Although "--" historically has not been required to be recognized for
certain special builtins that do not take options in POSIX, some other
implementations recognize options for them, requiring scripts to use "--" or
avoid operands starting with "-".
Operands starting with "-" can be avoided with eval by prepending a space,
and cannot occur with break, continue, exit, return and shift as they only
take numbers, nor with times as it does not take operands. With . and exec,
avoiding "-" is not so easy as it may require reimplementing the PATH
search; therefore the current proposal for POSIX is to require recognition
of "--" for them.
We continue to accept other strings starting with "-" as operands to . and
exec, and also "--" if it is alone to . (which would otherwise be invalid
anyway).
* Move the "environment variables" that do not need exporting to be
effective or that are set by the shell without exporting to a new section
"Special Variables".
* Add special variables LINENO and PPID.
* Add environment variables LANG, LC_* and PWD; also describe ENV under
environment variables.
This prevents accumulating huge amounts of zombies if a script executes
many background commands but no external commands or subshells.
Note that zombies will not be reaped during long calculations (within
the shell process) or read builtins, but those actions do not create
more zombies.
The terminated background commands will also still be remembered by the
shell.
PR: bin/55346
pax(1) was trying to copy the back-referenced data from
the match pattern, not the matched data.
PR: bin/118132
Obtained from: Debian bug #451361
Reviewed by: jilles
MFC after: 3 weeks
These are git commits 36f0fa8fcbc8c7b2b194addd29100fb40e73e4e9 and
d6d06ff5c2ea0fa44becc5ef4340e5f2f15073e4 in dash.
Because this is the first code I'm importing from dash to expand.c, add the
Herbert Xu copyright notice which is in dash's expand.c.
When pathname expanding *\/, the CTLESC representing the quoted state was
erroneously taken as part of the * pathname component. This CTLESC was then
seen by the pattern matching code as escaping the '\0' terminating the
string.
The code is slightly different because dash converts the CTLESC characters
to backslashes and removes all the other CTL* characters to allow
substituting glob(3).
The effect of the bug was also slightly different from dash (where nothing
matched at all). Because a CTLESC can escape a '\0' in some way, whether
files were included despite the bug depended on memory that should not be
read. In particular, on many machines /*\/ expanded to a strict subset of
what /*/ expanded to.
Example:
echo /*"/null"
This should print /dev/null, not /*/null.
PR: bin/146378
Obtained from: dash
This allows doing things like LC_ALL=C some_builtin to run a builtin under a
different locale, just like is possible with external programs. The
immediate reason is that this allows making printf(1) a builtin without
breaking things like LC_NUMERIC=C printf '%f\n' 1.2
This change also affects special builtins, as even though the assignment is
persistent, the export is only to the builtin (unless the variable was
already exported).
Note: for this to work for builtins that also exist as external programs
such as /bin/test, the setlocale() call must be under #ifndef SHELL. The
shell will do the setlocale() calls which may not agree with the environment
variables.
in at least three ways, so do not say it is ignored:
* who may delete/rename a symlink in a sticky directory
* who may do lchflags(2)/lchown(2)/lchmod(2)
* whose inode quota is charged
MFC after: 1 week
In the 'ln source... directory' synopsis, the basename of each source
determines the name of the created link. Determine this using basename(3)
instead of strrchr(..., '/') which is incorrect if the pathname ends in a
slash.
The patch is somewhat changed to allow for basename(3) implementations that
change the passed pathname, and to fix the -w option's checking also.
The code to compare directory entries only applies to hard links, which
cannot be created to directories using ln.
Example:
ln -s /etc/defaults/ /tmp
This should create a symlink named defaults.
PR: 121568
Submitted by: Ighighi
MFC after: 1 week
Two pathnames refer to the same directory entry iff the directories match
and the final components' names match.
Example: (assuming file1 is an existing file)
ln -f file1 file1
This now fails while leaving file1 intact. It used to delete file1 and then
complain it cannot be linked because it is gone.
With -i, this error is detected before the question is asked.
MFC after: 2 weeks
Unset PWD if it is incorrect and no value for it can be determined.
This preserves the logical current directory across shell invocations.
Example (assuming /home is a symlink):
$ cd
$ pwd
/home/foo
$ sh
$ pwd
/home/foo
Formerly the second pwd would show the physical path (symlinks resolved).
Although groff_mdoc(7) gives another impression, this is the ordering
most widely used and also required by mdocml/mandoc.
Reviewed by: ru
Approved by: philip, ed (mentors)
These do pretty much nothing (except that parentheses are ignored), but
people seem to use them and allowing them does not hurt much.
Single-quotes seem not to be used and cause silently different behaviour
with ksh93 character constants.
This makes sh a bit more friendly in single user mode, make buildenv, chroot
and the like, and matches other shells.
The -o emacs can be overridden on the command line or in the ENV file.
Note that the following sentence
> Enclosing the full parameter expansion string in double-quotes does not
> cause the following four varieties of pattern characters to be quoted,
> whereas quoting characters within the braces has this effect.
is now true, but used to be incorrect.
This applies to word in ${v-word}, ${v+word}, ${v=word}, ${v?word} (which
inherits quoting from the outside) and in ${v%word}, ${v%%word}, ${v#word},
${v##word} (which does not inherit any quoting).
In all cases tilde expansion is only attempted at the start of word, even if
word contains spaces. This agrees with POSIX and other shells.
This is the last part of the patch tested in the exp-run.
Exp-run done by: erwin (with some other sh(1) changes)
Note that this depends on r206145 for allowing pattern match characters to
have their special meaning inside a double-quoted expansion like "${v%pat}".
PR: bin/117748
Exp-run done by: erwin (with some other sh(1) changes)
They will be treated like normal characters, resulting in a runtime
arithmetic expression error.
Exp-run done by: erwin (with some other sh(1) changes)
* remove the backslash from \} inside double quotes inside +-=?
substitutions, e.g. "${$+\}a}"
* maintain separate double-quote state for ${v#...} and ${v%...};
single and double quotes are special inside, even in a double-quoted
string or here document
* keep track of correct order of substitutions and arithmetic
This is different from dash's approach, which does not track individual
double quotes in the parser, trying to fix this up during expansion.
This treats single quotes inside "${v#...}" incorrectly, however.
This is similar to NetBSD's approach (as submitted in PR bin/57554), but
recognizes the difference between +-=? and #% substitutions hinted at in
POSIX and is more refined for arithmetic expansion and here documents.
PR: bin/57554
Exp-run done by: erwin (with some other sh(1) changes)
The old approach was wrong because PS2 was not used and seems unlikely to
parse extensions (ksh93's ${ COMMAND} may well fail to parse).
Exp-run done by: erwin (with some other sh(1) changes)
Redirection errors on subshells already did not abort the shell because
the redirection is executed in the subshell.
Other shells seem to agree that these redirection errors should not abort
the shell.
Also ensure that the redirections will be cleaned up properly in cases like
command eval '{ shift x; } 2>/dev/null'
Example:
{ echo bad; } </var/empty/x; echo good
Although simple commands without a command word (only assignments and/or
redirections) are much like special builtins, POSIX and most shells seem to
agree that redirection errors should not abort the shell in this case. Of
course, the assignments persist and assignment errors are fatal.
To get the old behaviour portably, use the ':' special builtin.
To get the new behaviour portably, given that there are no assignments, use
the 'true' regular builtin.
Make parsebackq a function instead of an emulated nested function.
This puts the setjmp usage in a smaller function where it is easier to avoid
bad optimizations.
* avoid unnecessary fork
* allow executing builtins via command
* executing a special builtin via command removes its special properties
Obtained from: NetBSD (parts)
Although argc and argv are never read after the longjmp is complete,
gcc is not clever enough to see that and needlessly warns about it.
So add volatile to silence the compiler.
Approved by: ed (the co-mentor, not ed(1))
Otherwise the -i option will show the inode number of the referenced file
for symbolic links given on the command line. Similarly, the file color
was printed according to the link target in colorized output.
PR: bin/102394
Reviewed by: jilles
MFC after: 2 weeks
All the elements of these structs are char anyway, so it won't hurt
performance.
Bump warns back up to the default.
# we likely should have CTASSERTS to make sure they are the right size.
# but with libarchive based tar maybe we shouldn't bother.
- Allow -h option to work if the listing contains at least one device
file.
- Align major and minor device numbers correctly to the size field.
PR: bin/125678
Approved by: trasz (mentor)
MFC after: 1 month
provides an empty fts_name and reporting the full path is more
appropriate especially with the -R option.
PR: bin/107515
Submitted by: bde
Approved by: trasz (mentor)
MFC after: 1 week
feature parity with du(1) and similar: When set, cp(1) will not traverse
mount points.
Initial patch by: Graham J Lee leeg teaching.physics.ox.ac.uk
PR: bin/88056
Initial patch by: Graham J Lee leeg teaching.physics.ox.ac.uk
Approved by: ed (mentor)
MFC after: 1 month
csh allows you to monitor the utmp(x) file to monitor certain user
logins. Unfortunately it needs to directly stat() this file. I don't
want to break this module , but eventually it shouldn't do that. The
idea of the getutxent(3) API is to hide file access.
Approved by: mp
functionality. Per the regression tests (pgrep-t.t & pkill-t.t), "-t"
should accept "v1", which means a plain number should be accepted for
UNIX98-style PTY's.
- correctly handle error output in $(builtin 2>&1), clarify out1/out2 vs
output/errout in the code
- treat all builtins as regular builtins so errors do not abort the shell
and variable assignments do not persist
- respect the caller's INTOFF
Some bugs still exist:
- expansion errors may still abort the shell
- some side effects of expansions and builtins persist
This will be important when things like 'command eval f' will be possible.
Currently, the funcnest = 0 assignment in RESET (called when returning to
the top level after an error in interactive mode) is really sufficient.
Fix some wrong usages.
Note: this does not affect generated binaries as this argument is not used.
PR: 137213
Submitted by: Eygene Ryabinkin (initial version)
MFC after: 1 month
Reset the exception handler in the child to main's.
This avoids inappropriate double cleanups or shell duplication when the
exception is caught, such as 'fc' and future 'command eval' and 'command .'.
That is, do not do tilde expansion if any of the CTL* bytes (\201-\210), not
only CTLESC and CTLQUOTEMARK, are encountered. Such an expansion would look
up a user name with sh's internal representation.
The parser does not currently distinguish between backslashed and
unbackslashed \201-\210, so tilde expansion of user names with these bytes
in them is not so easy to fix.
It is already done by evalcommand(), unless special-ness has been removed,
in which case variable assignments should not persist. (These are currently
always special builtins, but this will change later: command builtin,
command substitution.)
This also fixes a memory leak when calling . with variable assignments.
Example:
valgrind --leak-check=full sh -c 'x=1 . /dev/null; x=2'
- Redirecting fds that were not open before kept two copies of the
redirected file.
sh -c '{ :; } 7>/dev/null; fstat -p $$; true'
(both fd 7 and 10 remained open)
- File descriptors used to restore things after redirection were not
set close-on-exec, instead they were explicitly closed before executing
a program normally and before executing a shell procedure. The latter
must remain but the former is replaced by close-on-exec.
sh -c 'exec 7</; { exec fstat -p $$; } 7>/dev/null; true'
(fd 10 remained open)
The examples above are simpler than the testsuite because I do not want to
use fstat or procstat in the testsuite.
* exception handlers are now run with interrupts disabled, which avoids
many race conditions
* fix some cases where SIGINT only aborts one command and continues the
script, in particular if a SIGINT causes an EINTR error which trumped the
interrupt.
Example:
sh -c 'echo < /some/fifo; echo This should not be printed'
The fifo should not have writers. When pressing ctrl+c to abort the open,
the shell used to continue with the next command.
Example:
sh -c '/bin/echo < /some/fifo; echo This should not be printed'
Similar. Note, however, that this particular case did not and does not work
in interactive mode with job control enabled.
This avoids weirdness when 'fc -e vi' or the like is done and there is a
syntax error in the file. Formerly an interactive shell tried to execute
stuff after the syntax error and exited.
This should also avoid similar issues with 'command eval' and 'command .'
when 'command' is implemented properly as in NetBSD sh.
Special builtins did not have this problem since errors in them cause the
shell to exit or to reset various state such as the current command input
file.
* increase buffer size from 100 to 256 bytes
* remove implied flush from out2str(), in particular this avoids unnecessary
flushing in the middle of a -x tracing line
* rename dprintf() to out2fmt_flush(), make it flush out2 and use this
function in various places where flushing is desired after an error
message
This is similar to the Solaris utility of the same name.
Some use cases:
* rc.subr's wait_for_pids
* interactive use, e.g. to shut down the computer when some task is done
even if the task is already running
Discussed on: hackers@
This seems more useful and will likely be in the next POSIX standard.
Also document more precisely in the man page what set -u does (note that
$@, $* and $! are the only special parameters that can ever be unset, all
the others are always set, although they may be empty).
the line number where the command substitution started.
This applies to both the $() and `` forms but is most useful for ``
because the other line number is relative to the enclosed text there.
(For older versions, -v can be used as a workaround.)
According to the man page, when neither -H/-L nor -F/-d/-l are given, -H is
implied. This agrees with POSIX, GNU ls and Solaris ls. This means that -p,
although it is very similar to -F, does not prevent the implicit following
of symlinks.
PR: standards/128546
This also fixes that trying to execute a non-regular file with a command
name without '/' returns 127 instead of 126.
The fix is rather simplistic: treat CMDUNKNOWN as if the command were found
as an external program. The resulting fork is a bit wasteful but executing
unknown commands should not be very frequent.
PR: bin/137659
Due to the amount of code removed by this, it seems that allowing unmatched
quotes was a deliberate imitation of System V sh and real ksh. Most other
shells do not allow unmatched quotes (e.g. bash, zsh, pdksh, NetBSD /bin/sh,
dash).
PR: bin/137657
I do not consider this a bug because POSIX permits it and argument strings
and environment variables cannot contain '\0' anyway.
PR: bin/25542
MFC after: 2 weeks
Note that this changes error reporting behaviour somewhat - before,
no error was reported if ACL couldn't be copied because the target
filesystem doesn't support ACLs. Now, it will be reported - of course,
only if there actually is an ACL to copy.
Reviewed by: rwatson
- Keep variables sorted
- Fix logic error with -f and -v options - don't print
the usual -v output if there was an error, whether or not
we were passed -f
- Don't call free(3) just before exit(2)
- Whitespace fixes
Submitted by: bde
Empty pairs of braces are represented by a NULL node pointer, just like
empty lines at the top level.
Support for empty pairs of braces may be removed later. They make the code
more complex, have inconsistent behaviour (may or may not change $?), are
not specified by POSIX and are not allowed by some other shells like bash,
dash and ksh93.
Reported by: kan
Add a reference count to function definitions.
Memory may leak if multiple SIGINTs arrive in interactive mode,
this will be fixed later by changing SIGINT handling.
PR: bin/137640
This implements the POSIX.1-2008 -L and -P flags.
The default remains to create hard links to the target of symlinks.
Approved by: re (kib), ed (mentor)
is identical to the mode computed from that ACL will modify the ACL.
For example, mode computed from the following ACL is 0600:
user:kamila:rwx--------C--:------:allow
owner@:--x-----------:------:deny
owner@:rw-p---A-W-Co-:------:allow
group@:rwxp----------:------:deny
group@:--------------:------:allow
everyone@:rwxp---A-W-Co-:------:deny
everyone@:------a-R-c--s:------:allow
However, applying that mode (chmod 0600) changes the ACL into this:
user:kamila:rwx-----------:------:deny
user:kamila:rwx--------C--:------:allow
owner@:--x-----------:------:deny
owner@:rw-p---A-W-Co-:------:allow
group@:rwxp----------:------:deny
group@:--------------:------:allow
everyone@:rwxp---A-W-Co-:------:deny
everyone@:------a-R-c--s:------:allow
In chmod(1) utility, there is an optimisation, which makes it not
call chmod(2) if the mode of the file is the same as the new mode.
Disable that optimisation for files which may have NFSv4 ACLs.
Reviewed by: rwatson
Approved by: re (kib)
in particular "$@"$ifschar if the final positional parameter is empty.
With the NetBSD code, adding the $ifschar removes a parameter.
PR: standards/79067
Approved by: ed (mentor) (implicit)
(EV_EXIT). The fork is still done as normal if any traps are active.
In many cases, the fork can be avoided even without this change by using {}
instead of (), but in practice many scripts use (), likely because the
syntax is simpler.
Example:
sh -c '(/bin/sleep 10)& sleep 1;ps -p $! -o comm='
Now prints "sleep" instead of "sh". $! is more useful this way.
Most shells (dash, bash, pdksh, ksh93, zsh) seem to print "sleep" for this.
Example:
sh -c '( ( ( (ps jT))))'
Now shows no waiting shell processes instead of four.
Most shells (dash, bash, pdksh, ksh93, zsh) seem to show zero or one.
PR: bin/74404
Approved by: ed (mentor) (implicit)
- update for getrlimit(2) manpage;
- support for setting RLIMIT_SWAP in login class;
- addition to the limits(1) and sh and csh limit-setting builtins;
- tuning(7) documentation on the sysctls controlling overcommit.
In collaboration with: pho
Reviewed by: alc
Approved by: re (kensmith)
- remove ineffective and unnecessary (void) &var; [1]
- remove some unnecessary volatile keywords
- add a necessary volatile keyword
- save the old handler before doing something that could use the saved
value
Submitted by: Christoph Mallon [1]
Approved by: ed (mentor)
Formerly, it was possible for the file to be created between the check if it
existed and the open; the contents would then be lost.
Because this must use O_EXCL, noclobber > will not create a file through a
symlink anymore. This agrees with behaviour of other shells.
Approved by: ed (mentor) (implicit)
Output quoted suitable for re-input to the shell occurs in
various cases such as 'set', 'trap'.
Bugfix: *, ? and [ must be quoted (except sole [)
Bugfix: ~ and # must be quoted (really only sometimes, but keep it simple)
Bugfix: space, tab and newline must always be quoted
Shortening: other IFS characters do not need quoting
Bugfix: send to correct output file, not hard-coded stdout
Shortening: avoid unnecessary '' with \'
Approved by: ed (mentor)
For parsing an old-style backquote substitution (`...`),
a string "file" is used to store the contents of the
substitution (with the special backslash processing done).
If an error occurs, the shell cleans up all these files
(returning to the top level) and flush the top level
file. Erroneously, it first flushed the current file and
then cleaned up all extra files, so that the top level
file (i.e. the terminal) was not flushed.
Example (in interactive mode):
echo `for` echo This should not be printed
Also noticeable in (in interactive mode):
echo `(`
The old version prints an extraneous prompt.
Approved by: ed (mentor)
This change only affects strings passed to -c, when the -s
option is not used.
The approach is to check if there may be additional data
in the string after parsing each command. If there is none,
use the EV_EXIT flag so that a fork may be omitted in
specific cases.
If there are empty lines after the command, the check will
not see the end and forks will not be omitted. The same
thing seems to happen in bash.
Example:
sh -c 'ps lT'
No longer shows a shell process waiting for ps to finish.
PR: bin/113860
Reviewed by: stefanf
Approved by: ed (mentor)
Example:
sh -c '(trap "echo trapped" EXIT; sleep 3)'
now correctly prints "trapped".
With this check, it is no longer necessary to check for -T
explicitly in that case.
This is a useful bugfix by itself and also important because I plan to
skip forking more often.
PR: bin/113860 (part of)
PR: bin/74404 (part of)
Reviewed by: stefanf
Approved by: ed (mentor)
The exit status may exceed 255 in some cases (return); even though it seems
unwise to rely on this, it is also unwise to assume that $? is always
between 0 and 255.
This resolves bin/124748 by documenting that 'exit -1' is not valid.
PR: bin/124748
Approved by: ed (mentor)
Base 10 is always used for the inode counts as I could not think of any
reason base 2 inode counts would be useful.
Minor mdoc markup fix to df(1) while here anyway.
MFC after: 3 weeks
character.
This avoids using non-standard behaviour of the old (upto FreeBSD 7) TTY
layer: it reprocesses the input queue when switching to canonical mode. The
new TTY layer does not provide this functionality and so read -t worked
very poorly (first character is not echoed, cannot be backspaced but is
still read).
This also agrees with what most other shells with read -t do.
PR: bin/129566
Reviewed by: stefanf
Approved by: ed (mentor)
would always terminate if eval returned with a non-zero exit status regardless
if the status was actually tested. Unfortunately a new file-scope variable
is needed, the alternative would only be to add a new parameter to all
built-ins.
PR: 134881
Formerly, this tried to clear the flags on the symlink's target
instead of the symlink itself.
As before, this only happens for root or for the unlink(1) variant of rm.
PR: bin/111226 (part of)
Submitted by: Martin Kammerhofer
Approved by: ed (mentor)
MFC after: 3 weeks
More precisely, this gives precedence to an interpretation not using the
'(', ')', '-a' and '-o' in their special meaning, if possible. For example,
it is now safe to write [ "$a" = "$b" ] and assume it compares the two
strings.
The man page already says that test(1) works this way, so does not need to
be changed.
Interpretation of input with more parameters tries a bit harder to find a
valid parse in some cases.
Add various additional test cases to TEST.sh.
PR: standards/133369
Approved by: ed (mentor)
always surprising when you kill a 'sh -c ...' ancestor or when you kill
yourself when using -f.
Add a -a switch for backwards compatibility.
MFC after: 3 weeks
A difference between the old and the new TTY layer is that the new
implementation does not perform any post-processing before returning
data back to userspace when calling read().
sh(1)'s read turns the TTY into a raw mode before calling select(). This
means that the first character will not receive any ICRNL processing.
Inherit this flag from the original terminal attributes.
Even though this issue is not present on RELENG_*, I'm MFCing it to make
sh(1) in jails behave better.
PR: bin/129566
MFC after: 2 weeks
label is choosen as last printout (ucomm suffers of this such bug
too). That bug is caused by the fact that the fixed size of
printout doesn't leave enough space for them to be printed out.
Implement ucomm and comm commands with a dynamic size lenght for
buffers.
[2] On AMD64 architecture pointers don't have enough chars space to
be shown (8 chars while they need 16). Fix them by providing
a variadic space so that it fits well on both 64 and 32 bits
architectures.
[3] Check a return value of malloc() that wasn't checked before.
PR: bin/128841, bin/128842
Reviewed by: jhb, emaste
Sponsored by: Sandvine Incorporated
symlinks after setting the owner. As a result, mode
and timestamp were not restored. This patch corrects the
problem by simply removing the short-circuit for symlinks
and using lchown()/lchmod()/lutimes() always for restoring
metadata.
PR: bin/91316
Submitted by: Jaakko Heinonen
Reviewed by: Joerg Sonnenberger
MFC after: 14 days
This should be a bit useful for users who look at the manpage and
then try to copy data CD-ROM disks using dd. A lot of us know
that bs=2048 is required, but it still manages to cause a bit of
grief to those who haven't heard about it.
PR: bin/130857
Submitted by: Tri Brotoharsono < mail at tribrotoharsono.net >
MFC after: 3 days
rather than a voltag name, do not set the CESR_VOLTAGS flags in the
CHIOGSTATUS command requesting the current status. As voltags are an
optional feature that must be handled as "reserved" by media changers
not implementing the feature, always setting CESR_VOLTAGS resulted in
the command being aborted with an `Invalid field in CDB', and
consequently the "chio return" failed, for media changers that do not
support voltags.
MFC after: 1 week
in the system. A simple heuristics is used to detect what is "enough"
memory: if number of physmem pages is greater than 32k (equalling 128 MB
on machines with 4 kB pages).
Typical immediate result of these changes is reduction in context switches
and the goal is to increase efficiency by using large buffers:
before: /usr/bin/time -hlp cat file1 > file2
...
163 voluntary context switches
11194 involuntary context switches
after: /usr/bin/time -hlp ./cat file1 > file2
...
417 voluntary context switches
272 involuntary context switches
Reviewed by: hackers@ (no objections to earlier version of cat patch)
Approved by: gnn (mentor)
MFC after: 4 months
In my previous commit I disabled pkill(1)'s automatic prepending of the
"tty" string when `pkill -t' was being used. Re-enable it and stat()
both possible device names when called.
Requested by: jhb, rwatson (MFC)
MFC after: 1 month
Because we now enforce UNIX98-style PTY's, we now use a lot of TTY's
that don't have the traditional /dev/ttyXX naming scheme. pkill(1)'s -t
flag automatically prepended the word "tty" to each TTY that was passed
on the command line. This meant that `pkill -t pts/0' was actually
converted to /dev/ttypts/0. Disable this broken behaviour for now.
Reported by: erwin
Initially, 'acl' (an 'acl_t *') is allocated, and its ACCESS_ACL and
DEFAULT_ACL fields are passed to the 'libc' ACL routines for subsequent
allocation. If the '-m' option (merge existing ACL with a new one) is
specified, then 'set_acl_mask()' will be called and passed one of the
two ACLs. This function, in turn, replaces this given ACL structure by
another, freshly allocated. However, the pointer in the 'acl' variable
in the caller is not updated. The caller then proceeds to free the ACL,
incurring in a double free condition.
Submitted by: Pedro Martelletto <pedro at ambientworks.net>
Approved by: rwatson (mentor)
for the convenience of rc.d. Now it has happily lived there for quite
a while. So move the pkill(1) source files from usr.bin to bin, too.
Approved by: gad
When I imported the MPSAFE TTY code, I added the -p flag to sh(1)'s
ulimit, but I forgot to document it in the appropriate manual page.
Requested by: stefanf
After the MPSAFE TTY import, we have support for the TAB0 and TAB3 flags
to handle tab expansion, while we only used to support OXTABS. Switch
stty(1) to use tab0 and tab3 to print whether tab expansion is turned on
or off. Implement the oxtabs and tabs switches by setting the
appropriate TABx value.
Even though POSIX only lists this as being XSI, we'd better follow it.
The last half year I've been working on a replacement TTY layer for the
FreeBSD kernel. The new TTY layer was designed to improve the following:
- Improved driver model:
The old TTY layer has a driver model that is not abstract enough to
make it friendly to use. A good example is the output path, where the
device drivers directly access the output buffers. This means that an
in-kernel PPP implementation must always convert network buffers into
TTY buffers.
If a PPP implementation would be built on top of the new TTY layer
(still needs a hooks layer, though), it would allow the PPP
implementation to directly hand the data to the TTY driver.
- Improved hotplugging:
With the old TTY layer, it isn't entirely safe to destroy TTY's from
the system. This implementation has a two-step destructing design,
where the driver first abandons the TTY. After all threads have left
the TTY, the TTY layer calls a routine in the driver, which can be
used to free resources (unit numbers, etc).
The pts(4) driver also implements this feature, which means
posix_openpt() will now return PTY's that are created on the fly.
- Improved performance:
One of the major improvements is the per-TTY mutex, which is expected
to improve scalability when compared to the old Giant locking.
Another change is the unbuffered copying to userspace, which is both
used on TTY device nodes and PTY masters.
Upgrading should be quite straightforward. Unlike previous versions,
existing kernel configuration files do not need to be changed, except
when they reference device drivers that are listed in UPDATING.
Obtained from: //depot/projects/mpsafetty/...
Approved by: philip (ex-mentor)
Discussed: on the lists, at BSDCan, at the DevSummit
Sponsored by: Snow B.V., the Netherlands
dcons(4) fixed by: kan
understand which code paths aren't possible.
This commit eliminates 117 false positive bug reports of the form
"allocate memory; error out if pointer is NULL; use pointer".
When I ported most applications away from <sgtty.h>, I noticed none of
them were actually using these definitions. I kept them in place,
because I didn't want to touch tools like pstat(8) and stty(1).
In preparation for the MPSAFE TTY layer, remove these definitions. This
doesn't have any impact with respect to binary compatibility (see
tty_conf.c).
We couldn now add an #error to <sys/ioctl_compat.h> when included
outside the kernel. Unfortunately, kdump's mkioctls includes this file
unconditionally.
Approved by: philip (mentor)
Cast string precision to `int'. amd64 systems warn about the
field precision being `long int' if we don't, and pathnames are
normally short enough to fit in an `int'.
Noticed by: pav
ln(1) checks to see if the source of a symlink, i.e. the file it
should point to actually exists. The default is the old ln
behavior, that does not check, to avoid surprising people who may
be using ln(1) in scripts or other non-interactive places.
PR: bin/7265
Submitted by: Joel Ray Holveck, detlev!joelh at mail.camalott.com
MFC after: 2 weeks
Portability Utilities" option.
Often configure scripts generated by the autotools test if $LINENO works and
refuse to use /bin/sh if not.
Package test run by: pav
to type int.
- Change the type used for arithmetic expansion to intmax_t (ie. 64 bit on all
currently supported FreeBSD architectures). SUSv3 requires at least type
long but allows for larger types. Other shells (eg. bash, zsh, NetBSD's sh)
do that too.
PR: 122659
Submitted by: Jaakko Heinonen (minor modifications by me)
are used to modify the arguments. Not doing so caused random memory reads or
null pointer dereferences when 'getopts' was called again later (SUSv3 says
getopts produces unspecified results in this case).
PR: 48318
- Allow realpath to accept multiple paths on the command line.
- Add -q to suppress warnings if some paths can't be processed, and use
getopt(3) to process flags.
- Print the path being requested rather than a possibly partially
processed path when a failure occurs so that you can tell which of
several passed paths did fail.
MFC after: 1 week
PR: 112920
Submitted by: Ighighi <ighighi@gmail.com>
- Add -v to print file names as they are processed; -vv prints the flags
change as well.
- Add -f to ignore failures with the same semantics as chflags(1), neither
printing an error nor affecting the return code.
- Don't try to set the flags if they won't change.
I made minor cosmetic tweaks to the code in the patch.
MFC after: 1 week
PR: 112827
Submitted by: Ighighi <ighighi at gmail.com>
computes the new path and the second one, updatepwd(), updates the variables
PWD, OLDPWD and the path used for the pwd builtin according to the new
directory. For a logical directory change, chdir() is now called between
those two functions, no longer causing wrong values to be stored in PWD etc. if
it fails.
PR: 64990, 101316, 120571
on platforms with unsigned chars. The comparison in question is there to
determine whether chars are unsigned or not and is based on comparing a
char, initialized to -1, for less than 0. Change the comparison to check
for geater than 0 instead...
and follow the letter of the POSIX specification.
- Moving a directory to an existing non-empty directory will now fail,
as required.
- Improve consistency and remove some style bugs of earlier versions.
This version passes all tests of tools/regression/bin/mv/regress.sh 1.6
Reviewed by: bde
MFC after: 1 month
warning is given when the directory doesn't exist.
PR: bin/50656
Submitted by: Edwin Groothuis <edwin@mavetju.org>
Approved by: grog@
Not reviewed by: grog@
with the same name exists, delete that directory first, before performing
the copy. This ensures that mv(1) across devices follows the semantics
of rename(2), as required by POSIX.
This change could introduce the potential of data loss, even if the
copy fails, violating the atomicity properties of rename(2). This is
(mostly) mitigated by first renaming the destination and obliterating
it only after a succesfull copy.
The above logic also led to the introduction of code that will cleanup
the results of a partial copy, if a cross-device copy fails.
PR: bin/118367
MFC after: 1 month
This fixes its compilation if MK_OPENSSL == no and also obsoletes
release/Makefile rev. 1.192. The latter isn't reverted though as
support for the fixit floppy and the rest of the boot floppies is
scheduled to be deorbited anyway.
Discussed with: kensmith
kthread_add() takes the same parameters as the old kthread_create()
plus a pointer to a process structure, and adds a kernel thread
to that process.
kproc_kthread_add() takes the parameters for kthread_add,
plus a process name and a pointer to a pointer to a process instead of just
a pointer, and if the proc * is NULL, it creates the process to the
specifications required, before adding the thread to it.
All other old kthread_xxx() calls return, but act on (struct thread *)
instead of (struct proc *). One reason to change the name is so that
any old kernel modules that are lying around and expect kthread_create()
to make a process will not just accidentally link.
fix top to show kernel threads by their thread name in -SH mode
add a tdnam formatting option to ps to show thread names.
make all idle threads actual kthreads and put them into their own idled process.
make all interrupt threads kthreads and put them in an interd process
(mainly for aesthetic and accounting reasons)
rename proc 0 to be 'kernel' and it's swapper thread is now 'swapper'
man page fixes to follow.
- p_sflag was mostly protected by PROC_LOCK rather than the PROC_SLOCK or
previously the sched_lock. These bugs have existed for some time.
- Allow swapout to try each thread in a process individually and then
swapin the whole process if any of these fail. This allows us to move
most scheduler related swap flags into td_flags.
- Keep ki_sflag for backwards compat but change all in source tools to
use the new and more correct location of P_INMEM.
Reported by: pho
Reviewed by: attilio, kib
Approved by: re (kensmith)
setenv(3) by tracking the size of the memory allocated instead of using
strlen() on the current value.
Convert all calls to POSIX from historic BSD API:
- unsetenv returns an int.
- putenv takes a char * instead of const char *.
- putenv no longer makes a copy of the input string.
- errno is set appropriately for POSIX. Exceptions involve bad environ
variable and internal initialization code. These both set errno to
EFAULT.
Several patches to base utilities to handle the POSIX changes from
Andrey Chernov's previous commit. A few I re-wrote to use setenv()
instead of putenv().
New regression module for tools/regression/environ to test these
functions. It also can be used to test the performance.
Bump __FreeBSD_version to 700050 due to API change.
PR: kern/99826
Approved by: wes
Approved by: re (kensmith)
handling is that fd = open(foo) is -1. This bug is harmless since
close(-1) just returns an error (which the code ignores).
Found by: Coverity Prevent(tm)
CID: 1503 (in userland test run)
Not because I admit they are technically wrong and not because of bug
reports (I receive nothing). But because I surprisingly meets so
strong opposition and resistance so lost any desire to continue that.
Anyone who interested in POSIX can dig out what changes and how
through cvs diffs.
1) Under POSIX unsetenv("foo=bar") is explicit error and not equal
to unsetenv("foo")
2) Prepare for upcomig POSIXed putenv() rewrite: make putenv() calls
portable and conforming to standard.
Before this fix the -h flag was ignored (i.e. setfacl
always set the ACL on the file pointed to by the symbolic
link even when the -h flag requested that the ACL be set
on the symbolic link itself).
either -v or -V) if a file with a slash in the name doesn't exist (if there is
no slash we already did that).
Additionally, suppress the error message for command -v for files with a slash.
PR: 107674
Submitted by: Martin Kammerhofer
This allows script compatibility with Linux, whose
"hostname" is the same as BSD "hostname -s".
With this change, "hostname -f" is the same on
both systems.
MFC after: 7 days
issue a syntax error immediately but save the information that it is erroneous
for later when the parameter expansion is actually done. This means eg. "false
&& ${}" will not generate an error which seems to be required by POSIX.
Include the invalid parameter expansion in the error message (sometimes
abbreviated with ... because recovering it would require a lot of code).
PR: 105078
Submitted by: emaste
instead of removing the file and issue a warning about
the removal, do not do any operation at all in case -P
is specified when the dinode has hard links.
With -f and -P specified together, we assume that the
user wants rm to overwrite the contents of the file
and remove it (destroy the contents of file but leave
its hard links as is).
The reason of doing it this way is that, in case where
a hard link is created by a malicious user (currently
this is permitted even if the user has no access to the
file). Losing the link can potentially mean that the
actual owner would lose control completely to the user
who wants to obtain access in a future day.
Discussed with: Peter Jermey
is hard links. Overwritting when links > 1 would cause data
loss, which is usually undesired.
Inspired by: discussion on -hackers@
Suggested by: elessar at bsdforen de
Obtained from: OpenBSD
compatible with old -r behavior with regards to -L. You can now copy fifos
and other special files with -r.
Reviewed by: -standards (long ago), das, bde
Approved by: bde (recently)
process leader for each job. Now the last specified option for the output
format (-l, -p or -s) wins, previously -s trumped -l.
PR: 99926
Submitted by: Ed Schouten and novel (patches modified by me)
current implementation of df(1) is does not properly format the output under
certain conditions. Right now -kP and -Pk are not the same thing. Further,
when we set the BLOCKSIZE environment variable, we use "1k" instead of "1024",
making the header display incorrectly.
To quote the specification:
"When both the -k and -P options are specified, the following header line
shall be written (in the POSIX locale):
"Filesystem 1024-blocks Used Available Capacity Mounted on\n"
- If -P has been specified, check to make sure that -k has not already been
specified, if so, simply break instead of clobbering the previous blocksize
- Use 1024 instead of 1k to make the header POSIX compliant
Reported by: Andriy Gapon
Discussed with: bde, ru
MFC after: 1 week
the header title string "bar" extends to the end of the argument
even if it contains commas or spaces, unlike in RELENG_4 or earlier.
The modern syntax agrees with SUSv3.
MFC after: 3 days
"feature" doesn't seem to be in the standards or elsewhere, and
it is against what we are used to in C and sh(1), so put the
paragraph under BUGS.
Pointed out by: dougb
MFC after: 3 days
Utilities option. Its value is printed at the beginning of the line if tracing
(-x) is active. PS4 defaults to the string "+ " which is compatible with the
old behaviour to always print "+ ".
We still need to expand variables in PS1, PS2 and PS4.
PR: 46441 (part of)
Submitted by: schweikh
Obtained from: NetBSD
.//dir as /dir. Rather strip it only for the purpose of checking if the
directory path should be printed.
PR: 88813
Submitted by: Josh Elsasser
Patch from: NetBSD (cd.c rev 1.38)
MFC after: 2 weeks
next read filename overwrite previous one, resulting in acl being
applied only to the last name in the list.
Submitted by: Oleg Lomaka <oleg.lomaka at gmail com>
MFC after: 1 week
Approved by: kan (mentor)
wording makes it look like pax archives > 32256 bytes are not
POSIX-compliant! Correct this to state that pax archives with
block sizes > 32256 are not POSIX compliant...and settle our fears.
PR: docs/97059
Reviewed by: Giorgos Keramidas <keramida>
own buffer. Interactively typing in long lines (>1023 characters)
previously overflowed the buffer. Unlike the NetBSD people I don't see the
need to subtract 8 from BUFSIZ, so I just used BUFSIZ-1.
Obtained from: NetBSD
PR: 91110
I would have chosen the EOF markers, but they are no longer available
AFAICS, so output "<<HERE" and "<<XHERE" instead.
(NOTE: These changes only affect DEBUG output.)
demanded by POSIX.
- A redirection error is only fatal (meaning the execution of a shell script is
terminated) for special built-ins. Previously it was fatal for all shell
builtins, causing problems like the one reported in PR 88845.
- Variable assignments remain in effect for special built-ins.
- Option or operand errors are only fatal for special built-ins.
This change also makes errors from 'fc' non-fatal (I could not find any reasons
for this behaviour).
Somewhat independently from the above down-grade the error handling in the
shift built-in if the operand is bigger than $# from an error() call (which is
now fatal) to a return 1. I'm not sure if this should be considered a POSIX
"operand error", however this change is needed for now as we trigger that error
while building libncurses. Comparing with other shells, zsh does the same as
our sh before this change (write a diagnostic, return 1), bash behaves as our
sh after this commit (no diagnostic, return 1) and ksh93 and NetBSD's sh treat
it as a fatal error.
all column-headers to print in lowercase by default. I was in too
much of a rush in committing 1.75, and didn't notice that the case
had changed. This time I did considerably more testing, and used
'diff' instead of just quickly eyeballing the results...
Apologies. I expect this means the dunce cap is mine for awhile.
If this doesn't work, I'll just drop back to 1.72 and hide under
my desk for awhile.
the user specifies a keyword which is an alias to some other keyword.
E.g.: stat (for state) or pcpu (for %cpu)..
Submitted by: Kostik Belousov
MFC plans: "soon"
is just ". file" according to POSIX, however many other shells allow
arguments to be passed after the file. For compatibility (we even use that
feature in buildworld) additional arguments are not considered to be an
error, even though this shell does not do anything with the arguments at all.
new member to struct builtincmd and set it to 1 if -s was specified. This
is done because there are cases where special builtins must be treated
differently from other builtins.
Obtained from: NetBSD (builtins.def part)
flag to use a time other than modtime (-c, -u, or -U), the output would
actually be sorted by the specified time rather than size. This does
alter the behavior in the case where both -S and -t are specified. Now,
-S is always preferred. Previously, -t was preferred if one of -c, -u, or
-U was specified, and -S was preferred otherwise. Perhaps -S and -t should
override each other (last one specified wins).
output-format keyword, and the keyword they picked is an alias to
some other keyword. E.g.: ps -o stat=Zustand $$
('stat' is defined as an alias for 'state')
PR: bin/57833
MFC after: 3 weeks
The tcsh 6.14 uses libiconv to convert catalogs to appropriate charset
dynamically. However, we don't have libiconv in our tree. So, I made
some hack to load libiconv dynamically. If libiconv is available, you
can use catalogs for more locales than the locales which catalog is
actually installed.
To use this feature, you need to symlink catalogs to appropriate
locales. You can do this by installing ports/shells/tcsh_nls.
Reviewed by: arch (no objection)
MFC after: 1 week
automatically it is possible wait4(2) returns -1 and sets
errno = ECHILD if there were forked children. A user can
set such signal handler e.g. via ``trap "" 20'', see a PR
for the test case. Deal with this case and mark a job as
JOBDONE.
PR: bin/90334
Submitted by: bde
MFC after: 4 weeks