bash-custom-action/bash-4.3-extra-import-func.patch


---
builtins/shopt.def | 2 ++
doc/bash.1 | 7 +++++++
shell.c | 2 ++
variables.c | 13 ++++++++++++-
4 files changed, 23 insertions(+), 1 deletion(-)
--- shell.c
+++ shell.c 2014-09-25 20:11:51.000000000 +0000
@@ -230,6 +230,7 @@ int posixly_correct = 1; /* Non-zero mea
#else
int posixly_correct = 0; /* Non-zero means posix.2 superset. */
#endif
+int import_functions = IMPORT_FUNCTIONS_DEF; /* Import functions from environment */
/* Some long-winded argument names. These are obviously new. */
#define Int 1
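Review bot: IMPORT_FUNCTIONS_DEF, used to initialize the new `import_functions` global, is not defined by any of the four files in this patch's diffstat, so the default must be supplied by the build (a -D flag or a generated header) and a reader of shell.c cannot see what it is. State that next to the definition, e.g. `/* Import functions from environment; IMPORT_FUNCTIONS_DEF is supplied by the build, 0 means non-interactive shells need --import-functions or the shopt option */`, so the security-relevant default is documented where the variable lives. The meaning of 0 is inferred from the later variables.c hunk, where `!import_functions` skips the import.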
@@ -249,6 +250,7 @@ static const struct {
{ "help", Int, &want_initial_help, (char **)0x0 },
{ "init-file", Charp, (int *)0x0, &bashrc_file },
{ "login", Int, &make_login_shell, (char **)0x0 },
+ { "import-functions", Int, &import_functions, (char **)0x0 },
{ "noediting", Int, &no_line_editing, (char **)0x0 },
{ "noprofile", Int, &no_profile, (char **)0x0 },
{ "norc", Int, &no_rc, (char **)0x0 },
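Review bot: The new `import-functions` row is inserted after `login`, but the rows visible around it are in alphabetical order (`help`, `init-file`, `login`, `noediting`, `noprofile`, `norc`), so it belongs between `help` and `init-file`. Ordering presumably does not affect lookup in this table, but keeping it sorted matches the existing convention and keeps later merges simple.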
--- variables.c
+++ variables.c 2014-10-06 08:36:41.299837915 +0000
@@ -110,6 +110,7 @@ extern time_t shell_start_time;
extern int assigning_in_environment;
extern int executing_builtin;
extern int funcnest_max;
+extern int import_functions;
#if defined (READLINE)
extern int no_line_editing;
@@ -328,6 +329,7 @@ initialize_shell_variables (env, privmod
char *name, *string, *temp_string;
int c, char_index, string_index, string_length, ro;
SHELL_VAR *temp_var;
+ int skipped_import;
create_variable_tables ();
@@ -352,9 +354,12 @@ initialize_shell_variables (env, privmod
temp_var = (SHELL_VAR *)NULL;
+ skipped_import = 0;
+ reval:
+
/* If exported function, define it now. Don't import functions from
the environment in privileged mode. */
- if (privmode == 0 && read_but_dont_execute == 0 &&
+ if (skipped_import == 0 && privmode == 0 && read_but_dont_execute == 0 &&
STREQN (BASHFUNC_PREFIX, name, BASHFUNC_PREFLEN) &&
STREQ (BASHFUNC_SUFFIX, name + char_index - BASHFUNC_SUFFLEN) &&
STREQN ("() {", string, 4))
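Review bot: The backward `goto reval` guarded by `skipped_import` re-runs this whole if-chain only so that the entry falls through to the plain-variable branches; the same effect is obtained by making the gate part of this condition, `if (privmode == 0 && read_but_dont_execute == 0 && (import_functions || interactive_shell) &&`, which removes the `reval:` label, the blank `+` line above it, and the `skipped_import` declaration from the earlier hunk. If the diagnostic emitted in the next hunk is wanted, it can be issued from an `else` branch on the same condition instead of from inside the import block. The enclosing function initialize_shell_variables starts and ends outside the hunk.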
@@ -367,6 +372,12 @@ initialize_shell_variables (env, privmod
tname = name + BASHFUNC_PREFLEN; /* start of func name */
tname[namelen] = '\0'; /* now tname == func name */
+ if (!import_functions && !interactive_shell) {
+ skipped_import = 1;
+ report_error (_("Skipping importing function definition for `%s': --import-functions required."), tname);
+ goto reval;
+ }
+
string_length = strlen (string);
temp_string = (char *)xmalloc (namelen + string_length + 2);
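Review bot: The new skip branch jumps back to `reval` after `tname[namelen] = '\0'` has already truncated `name` in place, so the re-evaluation sees the environment entry with its `BASHFUNC_SUFFIX` cut off; as far as the hunk shows nothing restores that byte before the jump, and if the original block restores the suffix further down (not visible here) that restoration is now bypassed, leaving the in-place environment string mangled for the plain-variable branches and anything that reads it later. Restore it before leaving, `tname[namelen] = BASHFUNC_SUFFIX[0];` immediately ahead of `goto reval;`, or move the import check above the truncation. Separately, the `!interactive_shell` term means an interactive shell still imports every function from its environment regardless of `import_functions`, which is not what the bash.1 text in this patch describes ("will not be expanded"); if the exemption is intentional it needs a comment such as `/* interactive shells still import unconditionally */`, otherwise drop the term. The enclosing function continues outside the hunk.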
--- builtins/shopt.def
+++ builtins/shopt.def 2014-09-30 11:58:14.000000000 +0000
@@ -90,6 +90,7 @@ extern int autocd;
extern int glob_star;
extern int glob_asciirange;
extern int lastpipe_opt;
+extern int import_functions;
#if defined (EXTENDED_GLOB)
extern int extended_glob;
@@ -192,6 +193,7 @@ static struct {
{ "hostcomplete", &perform_hostname_completion, shopt_enable_hostname_completion },
#endif
{ "huponexit", &hup_on_exit, (shopt_set_func_t *)NULL },
+ { "import-functions", &import_functions, (shopt_set_func_t *)NULL },
{ "interactive_comments", &interactive_comments, set_shellopts_after_change },
{ "lastpipe", &lastpipe_opt, (shopt_set_func_t *)NULL },
#if defined (HISTORY)
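Review bot: The new shopt name `import-functions` contains a hyphen, while the multi-word names in this table use underscores (`interactive_comments` on the following line), so this would be the only hyphenated `shopt` option and is inconsistent with how such names are spelled. Rename the row to `{ "import_functions", &import_functions, (shopt_set_func_t *)NULL },` and adjust the bash.1 text in this patch to match. Its position between `huponexit` and `interactive_comments` keeps the table sorted.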
--- doc/bash.1
+++ doc/bash.1 2014-09-30 12:09:40.000000000 +0000
@@ -240,6 +240,13 @@ The shell becomes restricted (see
.B "RESTRICTED SHELL"
below).
.TP
+.B \-\-import\-functions
+This shell is patched in such a way that shell functions in the inported environment
+will not be expanded due several security issues (e.g. CVE\-2014\-6271). This option
+can be used to enable this. It is also possible to use the
+.B shopt
+builtin to do this.
+.TP
.B \-\-verbose
Equivalent to \fB\-v\fP.
.TP