Bash scripts can be tricky to get right so reusing proven solutions as shell script libraries is of immense value. However, the existing shell script sourcing mechanisms are suboptimal for this task.
The source builtin uses the PATH variable for resolving file names which means they would have to be placed alongside normal executables which could cause false positives: executables and commands might be accidentally sourced instead, causing hard to debug problems. This could be fixed by overriding PATH so that it contains only library directories but this interferes with the normal execution of the sourced scripts: they are no longer able to run commands normally because the commands are not in the PATH. This is an undesirable and ultimately unnecessary limitation. This patch set adds a special operating mode to the existing source builtin to make it behave in the desired way. When source is passed the -i option which stands for "isolated", it will search for files in the directories given by the BASH_SOURCE_PATH environment variable, and only in those directories. The PATH will not be modified. A build time configurable default value is defined which includes the user's home directory in addition to system directories, enabling users to easily develop their own scripting systems. Additionally, manipulation of the BASH_SOURCE_PATH variable is prevented whenever the shell is running in restricted mode. This allows users the same control over its value as they have over the value of PATH, thereby helping to prevent unintended sourcing of files. Changes compared to v1 patch set: - Rebased on top of devel branch - Dropped library terminology - Removed long options and all related code - Made helper functions static and local - Changed default source paths to avoid clashes - Restricted source path variable Matheus Afonso Martins Moreira (8): findcmd: parameterize path variable in functions findcmd: define find_in_path_var function builtins/source: extract file executor function builtins/source: refactor file searching function builtins/source: parse the -i option builtins/source: use source path in isolated mode variables: define default BASH_SOURCE_PATH shell: restrict BASH_SOURCE_PATH when appropriate builtins/source.def | 174 +++++++++++++++++++++++++++++++------------- config-top.h | 7 ++ findcmd.c | 32 +++++--- findcmd.h | 1 + shell.c | 1 + variables.c | 1 + 6 files changed, 153 insertions(+), 63 deletions(-) -- 2.44.0
