Austin Group Bug Tracker
2014-10-16 19:46:41 UTC
The following issue has been SUBMITTED.
======================================================================
http://www.austingroupbugs.net/view.php?id=884
======================================================================
Reported By: rhansen
Assigned To:
======================================================================
Project: 1003.1(2013)/Issue7+TC1
Issue ID: 884
Category: Shell and Utilities
Type: Enhancement Request
Severity: Editorial
Priority: normal
Status: New
Name: Richard Hansen
Organization: BBN
User Reference:
Section: sh
Page Number: 3191-3192
Line Number: 106811-106813
Interp Status: ---
Final Accepted Text:
======================================================================
Date Submitted: 2014-10-16 19:46 UTC
Last Modified: 2014-10-16 19:46 UTC
======================================================================
Summary: require sh to set IFS to <space><tab><newline> on
startup
Description:
Scripts almost never explicitly set IFS, so permitting the shell to inherit
IFS from the environment is a recipe for hard-to-diagnose bugs (including
possible security vulnerabilities).
While I have not done a thorough investigation, all of the implementations
I've looked at already set IFS to <space><tab><newline> on startup.
Desired Action:
On page 2325 lines 73796-73798, change:
<blockquote>Implementations may ignore the value of <i>IFS</i> in the
environment, or the absence of <i>IFS</i> from the environment, at the time
the shell is invoked, in which case the shell shall set <i>IFS</i> to
<space><tab><newline> when it is invoked.</blockquote>
to:
<blockquote>The shell shall set <i>IFS</i> to <space><tab><newline> when it
is invoked.</blockquote>
On pages 3191-3192, remove lines 106806-106813 (IFS in sh's Environment
Variables section).
On page 3203 lines 107331-107334 (sh Rationale), change:
<blockquote>The KornShell ignores the contents of <i>IFS</i> upon entry to
the script. A conforming application cannot rely on importing <i>IFS</i>.
One justification for this, beyond security considerations, is to assist
possible future shell compilers.</blockquote>
to:
<blockquote>One justification for ignoring the contents of <i>IFS</i> upon
entry to the script, beyond security considerations, is to assist possible
future shell compilers.</blockquote>
======================================================================
Issue History
Date Modified Username Field Change
======================================================================
2014-10-16 19:46 rhansen New Issue
2014-10-16 19:46 rhansen Name => Richard Hansen
2014-10-16 19:46 rhansen Organization => BBN
2014-10-16 19:46 rhansen Section => sh
2014-10-16 19:46 rhansen Page Number => 3191-3192
2014-10-16 19:46 rhansen Line Number => 106811-106813
2014-10-16 19:46 rhansen Interp Status => ---
======================================================================
======================================================================
http://www.austingroupbugs.net/view.php?id=884
======================================================================
Reported By: rhansen
Assigned To:
======================================================================
Project: 1003.1(2013)/Issue7+TC1
Issue ID: 884
Category: Shell and Utilities
Type: Enhancement Request
Severity: Editorial
Priority: normal
Status: New
Name: Richard Hansen
Organization: BBN
User Reference:
Section: sh
Page Number: 3191-3192
Line Number: 106811-106813
Interp Status: ---
Final Accepted Text:
======================================================================
Date Submitted: 2014-10-16 19:46 UTC
Last Modified: 2014-10-16 19:46 UTC
======================================================================
Summary: require sh to set IFS to <space><tab><newline> on
startup
Description:
Scripts almost never explicitly set IFS, so permitting the shell to inherit
IFS from the environment is a recipe for hard-to-diagnose bugs (including
possible security vulnerabilities).
While I have not done a thorough investigation, all of the implementations
I've looked at already set IFS to <space><tab><newline> on startup.
Desired Action:
On page 2325 lines 73796-73798, change:
<blockquote>Implementations may ignore the value of <i>IFS</i> in the
environment, or the absence of <i>IFS</i> from the environment, at the time
the shell is invoked, in which case the shell shall set <i>IFS</i> to
<space><tab><newline> when it is invoked.</blockquote>
to:
<blockquote>The shell shall set <i>IFS</i> to <space><tab><newline> when it
is invoked.</blockquote>
On pages 3191-3192, remove lines 106806-106813 (IFS in sh's Environment
Variables section).
On page 3203 lines 107331-107334 (sh Rationale), change:
<blockquote>The KornShell ignores the contents of <i>IFS</i> upon entry to
the script. A conforming application cannot rely on importing <i>IFS</i>.
One justification for this, beyond security considerations, is to assist
possible future shell compilers.</blockquote>
to:
<blockquote>One justification for ignoring the contents of <i>IFS</i> upon
entry to the script, beyond security considerations, is to assist possible
future shell compilers.</blockquote>
======================================================================
Issue History
Date Modified Username Field Change
======================================================================
2014-10-16 19:46 rhansen New Issue
2014-10-16 19:46 rhansen Name => Richard Hansen
2014-10-16 19:46 rhansen Organization => BBN
2014-10-16 19:46 rhansen Section => sh
2014-10-16 19:46 rhansen Page Number => 3191-3192
2014-10-16 19:46 rhansen Line Number => 106811-106813
2014-10-16 19:46 rhansen Interp Status => ---
======================================================================