NetBSD Problem Report #51207

From kre@munnari.OZ.AU  Wed Jun  1 04:54:11 2016
Return-Path: <kre@munnari.OZ.AU>
Received: from mail.netbsd.org (mail.netbsd.org [199.233.217.200])
	(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
	(Client CN "mail.netbsd.org", Issuer "Postmaster NetBSD.org" (verified OK))
	by mollari.NetBSD.org (Postfix) with ESMTPS id 1F54F7ABE5
	for <gnats-bugs@www.netbsd.org>; Wed,  1 Jun 2016 04:54:11 +0000 (UTC)
Message-Id: <201606010453.u514rof2017683@andromeda.noi.kre.to>
Date: Wed, 1 Jun 2016 11:53:50 +0700 (ICT)
From: kre@munnari.OZ.AU
To: gnats-bugs@www.netbsd.org
Subject: /bin/sh ". /dev/tty" discards the first 4 characters of tty input
X-Send-Pr-Version: 3.95

>Number:         51207
>Category:       bin
>Synopsis:       /bin/sh ". /dev/tty" discards the first 4 characters of tty input
>Confidential:   no
>Severity:       non-critical
>Priority:       medium
>Responsible:    kre
>State:          closed
>Class:          sw-bug
>Submitter-Id:   net
>Arrival-Date:   Wed Jun 01 04:55:00 +0000 2016
>Closed-Date:    Wed Jun 01 05:12:52 +0000 2016
>Last-Modified:  Wed Jun 01 05:15:02 +0000 2016
>Originator:     Robert Elz
>Release:        NetBSD 7 -->
>Organization:
>Environment:
System: NetBSD andromeda.noi.kre.to 7.99.26 NetBSD 7.99.26 (VBOX64-1.1-20160128) #43: Thu Jan 28 16:09:08 ICT 2016 kre@onyx.coe.psu.ac.th:/usr/obj/current/kernels/amd64/VBOX64 amd64
Architecture: x86_64
Machine: amd64
>Description:
	The test to avoid reading ELF binaries as shell scripts
	reads the first 4 characters to compare them with the ELF
	magic number - then rewinds the file so the data there can
	be read in the normal shell read path.   That fails on
	devices where lseek() is ignored (like ttys).   If the lseek()
	generates an error, the shell aborts reading the file (which
	is OK, such files are almost certainly not really shell input)
	but when the lseek() fails silently, the shell has lost the
	4 chars it read.

>How-To-Repeat:

	sh /dev/tty
	echo hello
	hello: not found

	The first 4 chars "echo" are dropped, leaving " hello" as the cmd.

	sh /dev/tty
	    echo hello
	hello
	^D

	The four spaces (which can be anything except the ELF magic number)
	are dropped, then all works OK.

	or in an older shell, do ...

	/bin/sh -c '. /dev/tty'
	echo hello
	hello: not found

	/bin/sh -c '. /dev/tty'
	    echo hello
	hello
	^D

>Fix:
	An elaborate pushback smethod could be used to return the lost data
	to the shell input stream (it already has the mechanism) but
	it is easier to just only test for ELF on regular files, not
	on devices, piper, etc (if someone uses a named pipe as input
	and that pipe contains an ELF binary, then let them suffer!)

	So that is what will be done soon.

	The '.' version of the problem does not currently exist in the
	NetBSD current shell, as . of non-regular files is currently
	prohibited.   But that is about to be fixed, and that instance
	of the bug would have reappeared (it was testing the change to
	allow . on other kinds of files that uncovered this.)

>Release-Note:

>Audit-Trail:

Responsible-Changed-From-To: bin-bug-people->kre
Responsible-Changed-By: kre@NetBSD.org
Responsible-Changed-When: Wed, 01 Jun 2016 04:56:49 +0000
Responsible-Changed-Why:
I am (for now) handling this PR


State-Changed-From-To: open->analyzed
State-Changed-By: kre@NetBSD.org
State-Changed-When: Wed, 01 Jun 2016 04:56:49 +0000
State-Changed-Why:
Problem understood, fix imminent


State-Changed-From-To: analyzed->closed
State-Changed-By: kre@NetBSD.org
State-Changed-When: Wed, 01 Jun 2016 05:12:52 +0000
State-Changed-Why:
Problem fixed


From: "Robert Elz" <kre@netbsd.org>
To: gnats-bugs@gnats.NetBSD.org
Cc: 
Subject: PR/51207 CVS commit: src/bin/sh
Date: Wed, 1 Jun 2016 05:11:52 +0000

 Module Name:	src
 Committed By:	kre
 Date:		Wed Jun  1 05:11:52 UTC 2016

 Modified Files:
 	src/bin/sh: input.c

 Log Message:
 PR bin/51207   Only check for ELF bnaries in regular files.


 To generate a diff of this commit:
 cvs rdiff -u -r1.50 -r1.51 src/bin/sh/input.c

 Please note that diffs are not public domain; they are subject to the
 copyright notices on the relevant files.

>Unformatted:

Home	PR Database Search