Re: env fix

2015-01-12 Thread Todd C. Miller
On Mon, 12 Jan 2015 12:14:51 -0700, Theo de Raadt wrote: > How about this? Makes sense to me. OK millert@ - todd

Re: env fix

2015-01-12 Thread Todd C. Miller
On Mon, 12 Jan 2015 14:11:19 -0500, Ted Unangst wrote: > Alas, the posix spec for env doesn't require that arguments be > correctly formatted environment variables. There is no such thing as a correctly formatted environment variable. The restrictions are only for *shell* variables. The shell is

Re: env fix

2015-01-12 Thread Theo de Raadt
> Alas, the posix spec for env doesn't require that arguments be > correctly formatted environment variables. > > What if we just delete the BUGS section from the man page? That's > really what annoys me here. I think fixing bugs is much preferable to > documenting bugs, but if it's the intended o

Re: env fix

2015-01-12 Thread Ted Unangst
On Sun, Jan 11, 2015 at 23:17, Jérémie Courrèges-Anglas wrote: > Philip Guenther writes: > >> On Sun, 11 Jan 2015, Ted Unangst wrote: >>> Even more awesome. >> >> How about enforcing the full rule? > > IIUC the first diff removed '/' from the characters allowed in an > environment variable, so t

Re: env fix

2015-01-11 Thread Theo de Raadt
> > On Sun, 11 Jan 2015, Ted Unangst wrote: > >> Even more awesome. > > > > How about enforcing the full rule? > > IIUC the first diff removed '/' from the characters allowed in an > environment variable, so that one can run env(1) and a program whose > name contains '='... I've never seen such a

Re: env fix

2015-01-11 Thread Jérémie Courrèges-Anglas
Philip Guenther writes: > On Sun, 11 Jan 2015, Ted Unangst wrote: >> Even more awesome. > > How about enforcing the full rule? IIUC the first diff removed '/' from the characters allowed in an environment variable, so that one can run env(1) and a program whose name contains '='... I've never s

Re: env fix

2015-01-11 Thread Ted Unangst
On Sun, Jan 11, 2015 at 13:53, Philip Guenther wrote: > On Sun, 11 Jan 2015, Ted Unangst wrote: >> Even more awesome. > > How about enforcing the full rule? And now you've gone full awesome.

Re: env fix

2015-01-11 Thread Philip Guenther
On Sun, 11 Jan 2015, Ted Unangst wrote: > Even more awesome. How about enforcing the full rule? Index: env.c === RCS file: /cvs/src/usr.bin/env/env.c,v retrieving revision 1.15 diff -u -p -r1.15 env.c --- env.c 8 Mar 2014 00:09

Re: env fix

2015-01-11 Thread Ted Unangst
On Sun, Jan 11, 2015 at 11:26, Philip Guenther wrote: > On Sun, Jan 11, 2015 at 9:36 AM, Ted Unangst wrote: >> env won't run a command with an = in its name. This is documented as a >> bug, but it's easily fixed in a backwards compatible way. > ... >> + if (strcmp(*argv, "--") == 0) >> +

Re: env fix

2015-01-11 Thread Philip Guenther
On Sun, Jan 11, 2015 at 9:36 AM, Ted Unangst wrote: > env won't run a command with an = in its name. This is documented as a > bug, but it's easily fixed in a backwards compatible way. ... > + if (strcmp(*argv, "--") == 0) > + argv++; No, "env foo=bar -- baz=qux" really should

env fix

2015-01-11 Thread Ted Unangst
env won't run a command with an = in its name. This is documented as a bug, but it's easily fixed in a backwards compatible way. Index: env.1 === RCS file: /cvs/src/usr.bin/env/env.1,v retrieving revision 1.19 diff -u -p -r1.19 env.1