[ksh93-integration-discuss] Switching to "restricted" (rksh) modeusing shell runtime ?

Tue Jun 6 20:36:02 PDT 2006

Roland Mainz wrote:
> Is there a way in ksh93 to switch to  "restricted" (=rksh) mode during
> runtime of the shell ?
> The idea is to switch to "restricted" within a suub-shell when
> processing some user input...
> 
> I tried "set -o restricted" to switch to "restricted" mode but that
> fails like this:
> -- snip --
> % ksh -c 'true ; (set -o restricted ; echo "foo" ; exec >/blabla) ;
> true'
> ksh[1]: set: restricted: bad option(s)
> Usage: set [-sabefhkmnptuvxBCGH] [-A name] [-o[option]] [arg ...]
> -- snip --
> 
> Is there any other way ?

It seems there is no way...
... attached is a small patch
("ksh93_libshell_set_restricted_mode_once_001.diff.txt") for libshell
which gets this working. The patch allows someone to turn on the
"restricted" mode in a one-way fashion, e.g. it is not possible to
disable it anymore (which could be a security hole) once it was enabled.

Test output then looks like this:
-- snip --
% ./ksh -c 'set -x ; echo "start" ; cd . ; (echo "mark 1" ; set -o
restricted ; cd .) ; echo "mark2" ; (set -o restricted ; echo "mark4" ;
set -o restricted=0) ; echo "mark5"')
+ echo start
start
+ cd .
+ echo 'mark 1'
mark 1
+ set -o restricted
+ cd .
../../cmd/ksh/i386/ksh[1]: cd: restricted
+ echo mark2
mark2
+ set -o restricted
+ echo mark4
mark4
../../cmd/ksh/i386/ksh[1]: set: restricted=0: bad option(s)
Usage: set [-sabefhkmnptuvxBCGH] [-A name] [-o[option]] [arg ...]
+ echo mark5
mark5
-- snip --

David/Glenn:
Is there still time to get this functionality into ksh93r+ ? It may be
very usefull for the |wordexp()| work on Solaris and some other stuff,
too...

----

Bye,
Roland

-- 
  __ .  . __
 (o.\ \/ /.o) roland.mainz at nrubsig.org
  \__\/\/__/  MPEG specialist, C&&JAVA&&Sun&&Unix programmer
  /O /==\ O\  TEL +49 641 7950090
 (;O/ \/ \O;)
-------------- next part --------------
Index: common/include/defs.h
===================================================================

--- common/include/defs.h	(revision 269)
+++ common/include/defs.h	(working copy)
@@ -229,6 +229,7 @@
 #define SH_COMMANDLINE		0x100
 #define SH_BASHEXTRA		0x200
 #define SH_BASHOPT		0x400
+#define SH_SETONONLY		0x800 /* disallow setting the flag to "off" */
 
 #if SHOPT_BASH
 #   ifndef SHOPT_HISTEXPAND
Index: common/data/options.c
===================================================================
--- common/data/options.c	(revision 269)
+++ common/data/options.c	(working copy)
@@ -98,7 +98,7 @@
 	bashopt("progcomp",		SH_PROGCOMP)
 	bashopt("promptvars",		SH_PROMPTVARS)
 	"rc",				SH_RC|SH_COMMANDLINE,
-	"restricted",			SH_RESTRICTED|SH_COMMANDLINE,
+	"restricted",			SH_RESTRICTED|SH_SETONONLY,
 	bashopt("restricted_shell",	SH_RESTRICTED2|SH_COMMANDLINE)
 	bashopt("shift_verbose",	SH_SHIFT_VERBOSE)
 	bashopt("sourcepath",		SH_SOURCEPATH)
Index: common/sh/args.c
===================================================================
--- common/sh/args.c	(revision 269)
+++ common/sh/args.c	(working copy)
@@ -189,7 +189,8 @@
 			if(o<=0
 				|| (!sh_isoption(SH_BASH) && (o&SH_BASHEXTRA))
 				|| ((!sh_isoption(SH_BASH) || n=='o') && (o&SH_BASHOPT))
-				|| (setflag && (o&SH_COMMANDLINE)))
+				|| (setflag && (o&SH_COMMANDLINE))
+				|| (setflag && (f == 0) && (o&SH_SETONONLY)))
 			{
 				errormsg(SH_DICT,2, e_option, opt_info.arg);
 				error_info.errors++;
