Hi Craig,

Craig Skinner wrote on Tue, Mar 03, 2015 at 04:23:59PM +0000:
> On 2015-03-03 Tue 16:46 PM |, Ingo Schwarze wrote:

>> That looks like the "man" you are executing is a shell script starting
>> with "#!/bin/sh".  In particular, it does not look like the mandoc
>> implementation of man(1) because that doesn't create temporary files.

Wrong guess on my part.  :)

Thanks for the additional info.  Now i understand:

  schwarze@isnote $ /bin/rksh
  $ echo $SHELL
  /bin/ksh
  $ oman man | wc
       185    1066    9857
  $ ^D
  schwarze@isnote $ export SHELL=/bin/rksh
  schwarze@isnote $ /bin/rksh              
  $ echo $SHELL
  /bin/rksh
  $ oman man
  sh: /tmp/man.Y6LfRbb1ys: restricted
  sh: /usr/bin/less: restricted

Here, "oman" is the OpenBSD 5.6 man binary running on -current.

So, what happens is this:  the traditional BSD man(1) used in OpenBSD
5.6 uses system(3), see build_page() and main() in the file
/usr/src/usr.bin/man/man.c.  Looking at the file
/usr/src/lib/libc/stdlib/system.c, you see that system(3) runs
_PATH_BSHELL, which is "/bin/sh" according to /usr/include/paths.h.

When you have SHELL set to /bin/ksh, the shell executed by system(3)
is unrestricted, so it *can* write to the temp file, and it can
start the pager with an absolute path.  That's why tedu@ failed to
reproduce your issue, i think.

On the other hand, when you have SHELL set to /bin/rksh, the shell
executed by system(3) is restricted and stuff fails - what you saw.

Now, the old BSD man(1) isn't very secure (system(3) - yikes!),
and as you see, the whole concept of restricted shells isn't
very secure either, more like some Swiss cheese: At least it's
easy to inadvertently set up in a way that the restrictions don't
actually take effect or can be circumvented.  Here is another
"exploit" of a technology that is weak in the first place:

  schwarze@isnote $ echo $SHELL 
  /bin/rksh
  schwarze@isnote $ /bin/rksh   
  $ cd /
  /bin/rksh: cd: restricted shell - can't cd
  $ csh
  isnote:schwarze {1} cd /
  isnote: {2} pwd
  /
  isnote: {3} 

The good news is that:

 * OpenBSD 5.7 no longer uses the old BSD man(1).
 * man(1) no longer writes temp files but uses pipe(2).
 * man(1) no longer uses system(3).
 * With the new mandoc implementation of man(1) in OpenBSD 5.7,
   man(1) works no matter what, even in a restricted shell
   with SHELL set to /bin/rksh.

So i fixed your problem some months before you reported it.  :-)

Yours,
  Ingo
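
Added example (not part of the original mail and not mandoc's code): one way to hand page text to a pager with pipe(2), fork(2) and execvp(3) instead of a temp file plus system(3), so that no /bin/sh is started at all. run_pager() and the sample arguments are hypothetical.

```c
/* Added example: pipe(2) + fork(2) + execvp(3); no temp file, no system(3). */
#include <signal.h>
#include <string.h>
#include <sys/wait.h>
#include <unistd.h>

/* Hypothetical helper. Returns the pager's exit status, or -1 on error. */
int
run_pager(char *const argv[], const char *text)
{
	int fds[2], status;
	size_t left = strlen(text);
	ssize_t n;
	pid_t pid;
	if (pipe(fds) == -1)
		return -1;
	if ((pid = fork()) == -1) {
		close(fds[0]);
		close(fds[1]);
		return -1;
	}
	if (pid == 0) {			/* child: the pipe becomes stdin */
		close(fds[1]);
		if (fds[0] != STDIN_FILENO) {
			if (dup2(fds[0], STDIN_FILENO) == -1)
				_exit(127);
			close(fds[0]);
		}
		execvp(argv[0], argv);	/* argv is passed as-is, no shell parsing */
		_exit(127);		/* exec failed */
	}
	close(fds[0]);
	signal(SIGPIPE, SIG_IGN);	/* pager may quit early: get EPIPE instead */
	while (left > 0 && (n = write(fds[1], text, left)) > 0) {
		text += n;
		left -= (size_t)n;
	}
	close(fds[1]);			/* EOF for the pager */
	if (waitpid(pid, &status, 0) == -1)
		return -1;
	return WIFEXITED(status) ? WEXITSTATUS(status) : -1;
}

int main(void)
{
	char *pager[] = { "cat", NULL };	/* constructed stand-in for less(1) */
	return run_pager(pager, "constructed page text\n");
}
```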
