7cca93e61a
Per Austin group issue #884, always set IFS to $' \t\n'. As before, IFS will be exported iff it was in the environment. Most shells (e.g. bash, ksh93 and mksh) already did this. This change improves predictability, in that scripts can simply rely on the default value. However, the effect on security is little, since applications should not be calling the shell with attacker-controlled environment variable names in the first place and other security-sensitive variables such as PATH should be and are imported by the shell. When using a new sh with an old (before 10.2) libc wordexp(), IFS is no longer passed on. Otherwise, wordexp() continues to pass along IFS from the environment per its documentation. Discussed with: pfg Relnotes: yes |
||
---|---|---|
.. | ||
env1.0 | ||
exitstatus1.0 | ||
ifs1.0 | ||
mail1.0 | ||
mail2.0 | ||
Makefile | ||
Makefile.depend | ||
optind1.0 | ||
optind2.0 | ||
positional1.0 | ||
positional2.0 | ||
positional3.0 | ||
positional4.0 | ||
positional5.0 | ||
positional6.0 | ||
positional7.0 | ||
positional8.0 | ||
positional9.0 | ||
pwd1.0 | ||
pwd2.0 |