> On Sat, 16 Dec 2017 18:13:16 +0000, Jiri B wrote: > > On Sat, Dec 16, 2017 at 04:55:44PM +0000, kshe wrote: > > > Hi, > > > > > > Would a patch to bring back the `!' command to less(1) be accepted? The > > > commit message for its removal explains that ^Z should be used instead, > > > but that obviously does not work if less(1) is run from something else > > > than an interactive shell, for example when reading manual pages from a > > > vi(1) instance spawned directly by `xterm -e vi' in a window manager or > > > by `neww vi' in a tmux(1) session. > > > > Why should less be able to spawn another programs? This would undermine > > all pledge work. > > Because of at least `v' and `|', less(1) already is able to invoke > arbitrary programs, and accordingly needs the "proc exec" promise, so > bringing `!' back would not change anything from a security perspective > (otherwise, I would obviously not have made such a proposition). > > In fact, technically, what I want to do is still currently possible: > from any less(1) instance, one may use `v' to invoke vi(1), and then use > vi(1)'s own `!' command as desired. So the functionality of `!' is > still there; it was only made more difficult to reach for no apparent > reason.
No apparent reason? Good you have an opinion. I have a different opinion: We should look for rarely used functionality and gut it. Over the last 40 years people have felt a desire to add all possible features and options to all commands, and noone ever considered the impact of having all programs above to reach all system calls, and that these features are being installed in all program operating environents. Then someone adds less(1) to a script which requires security, and just like that it has none. The entire environment is poisoned, and people are pushed to jump to other environments which aren't poisoned in this way, until enough people arrive there, the feature explosion happens there also resulting in "reach all the system calls", and we're stuck in the same rut again. I don't think all programs should be able to run all other programs. As a result I support the idea of trying to find the things people don't actually use, and removing them incrementally. '|' should be on the list next. But you don't. Luckily you have other choices. Are you prepared to die on this hill that less must support '!'? If so, there's that FreeBSD hill over there..
