Hello all.
Just got that:
1. ksh updates it's "real" argv when "set --" is used.
2. /etc/netstart does the following (excerpts):
while :; do
if [ "$cmd2" ]; then
set -- $cmd2
# ...
else
read af name mask bcaddr ext1 ext2 || break
fi
case "$af" in
# ...
*)
# ...
case "$dt" in
# ...
*)
cmd2="$dt $dtaddr"
;;
esac
# ...
esac
# ...
done < /etc/hostname.$if
You see - the possible secrets hiding in the /etc/hostname.* may
be revealed by monitoring command arguments. /etc/hostname.* could
be configuring tunnels or something hot-pluggable, it's legal to
be called after system start. Even more, hotplugd(8) recommends this
way of network interface initialization.
The problem is that there is no good way to shift any array in shell.
Best possible involves multiple translations from array to string and
back, which is not acceptable, IMHO.
So the possible choices I see are:
1. Make ksh does not update positional arguments (copy them on start).
2. Allow ksh to shift array operands when in non-POSIX mode by the
following syntax: "shift [arrayname] [count]", being count
distinguished from arrayname by checking is it a number or not.
3. Ignore possible problems with multiple translations, and do some
tricks using them.
What do you think?
Also, other shell scripts dealing with secrets should be cheked too,
of course; I'll try to do that, but a bit later.
--
Best wishes,
Vadim Zhukov
A: Because it messes up the order in which people normally read text.
Q: Why is top-posting such a bad thing?
A: Top-posting.
Q: What is the most annoying thing in e-mail?
