svn commit: r306843 - in head/bin/sh: . tests/parameters

Sat Oct 8 13:40:14 UTC 2016

Author: jilles
Date: Sat Oct  8 13:40:12 2016
New Revision: 306843
URL: https://svnweb.freebsd.org/changeset/base/306843

Log:
  sh: Do not import IFS's value from the environment.
  
  Per Austin group issue #884, always set IFS to $' \t\n'. As before, IFS will
  be exported iff it was in the environment.
  
  Most shells (e.g. bash, ksh93 and mksh) already did this. This change
  improves predictability, in that scripts can simply rely on the default
  value.
  
  However, the effect on security is little, since applications should not be
  calling the shell with attacker-controlled environment variable names in the
  first place and other security-sensitive variables such as PATH should be
  and are imported by the shell.
  
  When using a new sh with an old (before 10.2) libc wordexp(), IFS is no
  longer passed on. Otherwise, wordexp() continues to pass along IFS from the
  environment per its documentation.
  
  Discussed with:	pfg
  Relnotes:	yes

Added:
  head/bin/sh/tests/parameters/ifs1.0   (contents, props changed)
Modified:
  head/bin/sh/sh.1
  head/bin/sh/tests/parameters/Makefile
  head/bin/sh/var.c

Modified: head/bin/sh/sh.1
==============================================================================

--- head/bin/sh/sh.1	Sat Oct  8 13:38:05 2016	(r306842)
+++ head/bin/sh/sh.1	Sat Oct  8 13:40:12 2016	(r306843)
@@ -32,7 +32,7 @@
 .\"	from: @(#)sh.1	8.6 (Berkeley) 5/4/95
 .\" $FreeBSD$
 .\"
-.Dd May 30, 2016
+.Dd October 8, 2016
 .Dt SH 1
 .Os
 .Sh NAME
@@ -1349,13 +1349,13 @@ used in tilde expansion and as a default
 built-in.
 .It Va IFS
 Input Field Separators.
-The default value is
+This is initialized at startup to
 .Aq space ,
 .Aq tab ,
 and
 .Aq newline
 in that order.
-This default also applies if
+This value also applies if
 .Va IFS
 is unset, but not if it is set to the empty string.
 See the

Modified: head/bin/sh/tests/parameters/Makefile
==============================================================================
--- head/bin/sh/tests/parameters/Makefile	Sat Oct  8 13:38:05 2016	(r306842)
+++ head/bin/sh/tests/parameters/Makefile	Sat Oct  8 13:40:12 2016	(r306843)
@@ -9,6 +9,7 @@ ATF_TESTS_SH=	functional_test
 
 ${PACKAGE}FILES+=	env1.0
 ${PACKAGE}FILES+=	exitstatus1.0
+${PACKAGE}FILES+=	ifs1.0
 ${PACKAGE}FILES+=	mail1.0
 ${PACKAGE}FILES+=	mail2.0
 ${PACKAGE}FILES+=	optind1.0

Added: head/bin/sh/tests/parameters/ifs1.0
==============================================================================
--- /dev/null	00:00:00 1970	(empty, because file is newly added)
+++ head/bin/sh/tests/parameters/ifs1.0	Sat Oct  8 13:40:12 2016	(r306843)
@@ -0,0 +1,10 @@
+# $FreeBSD$
+
+env IFS=_ ${SH} -c '
+rc=2
+nosuchtool_function() {
+	rc=0
+}
+v=nosuchtool_function
+$v && exit "$rc"
+'

Modified: head/bin/sh/var.c
==============================================================================
--- head/bin/sh/var.c	Sat Oct  8 13:38:05 2016	(r306842)
+++ head/bin/sh/var.c	Sat Oct  8 13:40:12 2016	(r306843)
@@ -186,6 +186,7 @@ initvar(void)
 		}
 	}
 	setvareq_const("OPTIND=1", 0);
+	setvareq_const("IFS= \t\n", 0);
 }
 
 /*
