[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Bash-4.3 Official Patch 25
|
From: |
Jason Vas Dias |
|
Subject: |
Re: Bash-4.3 Official Patch 25 |
|
Date: |
Thu, 25 Sep 2014 14:50:03 +0100 |
Good day Chet, bash-list -
I just checked out the latest git head, applied the bash43-025 patch, and built
$ ./bash --version
GNU bash, version 4.3.25(3)-release (x86_64-unknown-linux-gnu)
...
which PASSED its 'make check' test suite, both under Ubuntu 14.04.1 LTS
and under RHEL-6.5+ , on an x86_64 (Haswell) 8-core platform .
But now there is an issue - bash seems to lose its idea of stdout / stderr being
a terminal within read loops, as illustrated by this test script (/tmp/t.sh):
<quote>
#!/bin/bash
tty
echo $'1\n2' > test.list;
while read line; do
tty;
done < test.list
</quote>
Its output illustrates the problem:
<quote>
$ ./bash /tmp/t.sh
/dev/pts/6
not a tty
not a tty
</quote>
This bug seems to have infected the latest Ubuntu bash release also,
which was created and pushed out today with the bash43-025 fix
for the CVE-2014-6271 issue :
<quote>
$ /bin/bash /tmp/t.sh
/dev/pts/6
not a tty
not a tty
</quote>
(/bin/bash is from the bash-4.3-7ubuntu1.1 package) .
But /dev/fd/1 remains the same file :
<quote>
#!/bin/bash
tty
ls -l /dev/fd/1;
echo $'1\n2' > test.list;
while read line; do
tty;
ls -l /dev/fd/1;
done < test.list
</quote>
Its output under Ubuntu bash:
$ /bin/bash /tmp/tsh
/dev/pts/6
lrwx------ 1 jvasdias jvd 64 Sep 25 14:47 /dev/fd/1 -> /dev/pts/6
not a tty
lrwx------ 1 jvasdias jvd 64 Sep 25 14:47 /dev/fd/1 -> /dev/pts/6
not a tty
lrwx------ 1 jvasdias jvd 64 Sep 25 14:47 /dev/fd/1 -> /dev/pts/6
This is rather confusing !
Any ideas what may the the issue here ?
Thanks & Regards,
Jason
On 9/24/14, Chet Ramey <chet.ramey@case.edu> wrote:
> BASH PATCH REPORT
> =================
>
> Bash-Release: 4.3
> Patch-ID: bash43-025
>
> Bug-Reported-by: Stephane Chazelas <stephane.chazelas@gmail.com>
> Bug-Reference-ID:
> Bug-Reference-URL:
>
> Bug-Description:
>
> Under certain circumstances, bash will execute user code while processing
> the
> environment for exported function definitions.
>
> Patch (apply with `patch -p0'):
>
> *** ../bash-4.3-patched/builtins/common.h 2013-07-08 16:54:47.000000000
> -0400
> --- builtins/common.h 2014-09-12 14:25:47.000000000 -0400
> ***************
> *** 34,37 ****
> --- 49,54 ----
> #define SEVAL_PARSEONLY 0x020
> #define SEVAL_NOLONGJMP 0x040
> + #define SEVAL_FUNCDEF 0x080 /* only allow function
> definitions */
> + #define SEVAL_ONECMD 0x100 /* only allow a single command
> */
>
> /* Flags for describe_command, shared between type.def and command.def */
> *** ../bash-4.3-patched/builtins/evalstring.c 2014-02-11 09:42:10.000000000
> -0500
> --- builtins/evalstring.c 2014-09-14 14:15:13.000000000 -0400
> ***************
> *** 309,312 ****
> --- 313,324 ----
> struct fd_bitmap *bitmap;
>
> + if ((flags & SEVAL_FUNCDEF) && command->type != cm_function_def)
> + {
> + internal_warning ("%s: ignoring function definition attempt",
> from_file);
> + should_jump_to_top_level = 0;
> + last_result = last_command_exit_value = EX_BADUSAGE;
> + break;
> + }
> +
> bitmap = new_fd_bitmap (FD_BITMAP_SIZE);
> begin_unwind_frame ("pe_dispose");
> ***************
> *** 369,372 ****
> --- 381,387 ----
> dispose_fd_bitmap (bitmap);
> discard_unwind_frame ("pe_dispose");
> +
> + if (flags & SEVAL_ONECMD)
> + break;
> }
> }
> *** ../bash-4.3-patched/variables.c 2014-05-15 08:26:50.000000000 -0400
> --- variables.c 2014-09-14 14:23:35.000000000 -0400
> ***************
> *** 359,369 ****
> strcpy (temp_string + char_index + 1, string);
>
> ! if (posixly_correct == 0 || legal_identifier (name))
> ! parse_and_execute (temp_string, name, SEVAL_NONINT|SEVAL_NOHIST);
> !
> ! /* Ancient backwards compatibility. Old versions of bash exported
> ! functions like name()=() {...} */
> ! if (name[char_index - 1] == ')' && name[char_index - 2] == '(')
> ! name[char_index - 2] = '\0';
>
> if (temp_var = find_function (name))
> --- 364,372 ----
> strcpy (temp_string + char_index + 1, string);
>
> ! /* Don't import function names that are invalid identifiers from the
> ! environment, though we still allow them to be defined as shell
> ! variables. */
> ! if (legal_identifier (name))
> ! parse_and_execute (temp_string, name,
> SEVAL_NONINT|SEVAL_NOHIST|SEVAL_FUNCDEF|SEVAL_ONECMD);
>
> if (temp_var = find_function (name))
> ***************
> *** 382,389 ****
> report_error (_("error importing function definition for `%s'"),
> name);
> }
> -
> - /* ( */
> - if (name[char_index - 1] == ')' && name[char_index - 2] == '\0')
> - name[char_index - 2] = '('; /* ) */
> }
> #if defined (ARRAY_VARS)
> --- 385,388 ----
> *** ../bash-4.3-patched/subst.c 2014-08-11 11:16:35.000000000 -0400
> --- subst.c 2014-09-12 15:31:04.000000000 -0400
> ***************
> *** 8048,8052 ****
> goto return0;
> }
> ! else if (var = find_variable_last_nameref (temp1))
> {
> temp = nameref_cell (var);
> --- 8118,8124 ----
> goto return0;
> }
> ! else if (var && (invisible_p (var) || var_isset (var) == 0))
> ! temp = (char *)NULL;
> ! else if ((var = find_variable_last_nameref (temp1)) && var_isset
> (var) && invisible_p (var) == 0)
> {
> temp = nameref_cell (var);
> *** ../bash-4.3/patchlevel.h 2012-12-29 10:47:57.000000000 -0500
> --- patchlevel.h 2014-03-20 20:01:28.000000000 -0400
> ***************
> *** 26,30 ****
> looks for to find the patch level (for the sccs version string). */
>
> ! #define PATCHLEVEL 24
>
> #endif /* _PATCHLEVEL_H_ */
> --- 26,30 ----
> looks for to find the patch level (for the sccs version string). */
>
> ! #define PATCHLEVEL 25
>
> #endif /* _PATCHLEVEL_H_ */
>
> --
> ``The lyf so short, the craft so long to lerne.'' - Chaucer
> ``Ars longa, vita brevis'' - Hippocrates
> Chet Ramey, ITS, CWRU chet@case.edu http://cnswww.cns.cwru.edu/~chet/
>
>
Re: Bash-4.3 Official Patch 25,
Jason Vas Dias <=