Hi Craig, Craig Skinner wrote on Tue, Mar 03, 2015 at 04:23:59PM +0000: > On 2015-03-03 Tue 16:46 PM |, Ingo Schwarze wrote:
>> That looks like the "man" you are executing is a shell script starting >> with "#!/bin/sh". In particular, it does not look like the mandoc >> implementation of man(1) because that doesn't create temporary files. Wrong guess on my part. :) Thanks for the additional info. Now i understand: schwarze@isnote $ /bin/rksh $ echo $SHELL /bin/ksh $ oman man | wc 185 1066 9857 $ ^D schwarze@isnote $ export SHELL=/bin/rksh schwarze@isnote $ /bin/rksh $ echo $SHELL /bin/rksh $ oman man sh: /tmp/man.Y6LfRbb1ys: restricted sh: /usr/bin/less: restricted Here, "oman" is the OpenBSD 5.6 man binary running on -current. So, what happens is this: the traditional BSD man(1) used in OpenBSD 5.6 uses system(3), see build_page() and main() in the file /usr/src/usr.bin/man/man.c. Looking at the file /usr/src/lib/libc/stdlib/system.c, you see that system(3) runs _PATH_BSHELL, which is "/bin/sh" according to /usr/include/paths.h. When you have SHELL set to /bin/ksh, the shell executed by system(3) is unrestricted, so it *can* write to the temp file, and it can start the pager with an absolute path. That's why tedu@ failed to reproduce your issue, i think. On the other hand, when you have SHELL set to /bin/rksh, the shell executed by system(3) is restricted and stuff fails - what you saw. Now, the old BSD man(1) isn't very secure (system(3) - yikes!), and as you see, the whole concept of restricted shells isn't very secure either, more like some Swiss cheese: At least it's easy to inadvertently set up in a way that the restrictions don't actually take effect or can be circumvented. Here is another "exploit" of a technology that is weak in the first place: schwarze@isnote $ echo $SHELL /bin/rksh schwarze@isnote $ /bin/rksh $ cd / /bin/rksh: cd: restricted shell - can't cd $ csh isnote:schwarze {1} cd / isnote: {2} pwd / isnote: {3} The good news is that: * OpenBSD 5.7 no longer uses the old BSD man(1). * man(1) no longer writes temp files but uses pipe(2). * man(1) no longer uses system(3). * With the new mandoc implementation of man(1) in OpenBSD 5.7, man(1) works no matter what, even in a restricted shell with SHELL set to /bin/rksh. So i fixed your problem some months before you reported it. :-) Yours, Ingo